CVE-2022-36437

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-36437

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-36437.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-36437

Aliases

GHSA-c5hg-mr8r-f6jp

Published

2022-12-29T23:15:09Z

Modified

2024-09-02T21:36:39Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

The Connection handler in Hazelcast and Hazelcast Jet allows a remote unauthenticated attacker to access and manipulate data in the cluster with the identity of another already authenticated connection. The affected Hazelcast versions are through 4.0.6, 4.1.9, 4.2.5, 5.0.3, and 5.1.2. The affected Hazelcast Jet versions are through 4.5.3.

References

https://github.com/hazelcast/hazelcast/security/advisories/GHSA-c5hg-mr8r-f6jp

Affected packages

Git / github.com/hazelcast/hazelcast

Affected ranges

Type: GIT
Repo: https://github.com/hazelcast/hazelcast
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

787803d32dbf978ae054e752443e76bb9a723638

Type: GIT
Repo: https://github.com/hazelcast/hazelcast-jet
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

7b9a3dc56b633afa861b3fe7dada19d246e835a2