Vulnerabilities

CVE-2017-15089

by Fred · 15/02/2018

It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks.

Date published : 2018-02-15

https://github.com/infinispan/infinispan/pull/5639

https://access.redhat.com/errata/RHSA-2018:0294

Similar

Tags: Cybersecurity Alert