CVE-2017-15089

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-15089

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-15089.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-15089

Aliases

GHSA-46r5-59fg-2fjc

Related

Published

2018-02-15T17:29:00Z

Modified

2024-05-13T23:25:54Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks.

References

Affected packages

Git / github.com/infinispan/infinispan

Affected ranges

Type: GIT
Repo: https://github.com/infinispan/infinispan
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

268ed3e7b97455765d1c99d2077fa2ba7033c090

Last affected

504f165a5b57383e63bf07255692980c5b047bb2

Last affected

a033408817810a1f7f2cd12f5e8e272fc0cc0028

Last affected

b09f4e12a13afbbd33e5248f7d119008f49d961b

Last affected

c8d9c890f5b7250853fc324b9c003a4c234608a1

Last affected

f53f4894daca9922c5a01c11406588124f9ba0ba