CVE-2017-15089
CVE-2017-15089
It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks.
Affected products
Infinispan · infinispanWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://access.redhat.com/errata/RHSA-2018:0294https://access.redhat.com/errata/RHSA-2018:0478https://access.redhat.com/errata/RHSA-2018:0479https://access.redhat.com/errata/RHSA-2018:0480https://access.redhat.com/errata/RHSA-2018:0481https://access.redhat.com/errata/RHSA-2018:0501https://access.redhat.com/errata/RHSA-2019:1326https://github.com/infinispan/infinispan/pull/5639http://www.securitytracker.com/id/1040360