It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks.
oryginał ENCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HInfinispan
APPInfinispan9.2.0≤ 9.1.6
Powiązane podatności
A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixatio...
A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contain...
A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class Reflection...
Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server ...
A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is ...