org.infinispan:infinispan-core
Maven6 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.infinispan:infinispan-corepage 1 of 1
- CVE-2017-15089HIGHCVSS 8.8EG 8.8✓ Fixed in 9.2.0.CR12018-02-15
vulnerable: 5.0.0.FINAL ... 9.2.0.Beta2 (174 versions)
It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserializatio…
- CVE-2018-1131HIGHCVSS 8.8EG 8.8✓ Fixed in 9.3.1.Final2018-05-15
vulnerable: 9.3.0.Alpha1, 9.3.0.Beta1, 9.3.0.CR1, 9.3.0.Final
Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious object to a cache configured to accept cert…
- CVE-2019-10158CRITICALCVSS 9.8EG 9.8✓ Fixed in 9.4.15.Final2020-01-02
vulnerable: 5.0.0.FINAL ... 9.4.9.Final (215 versions)
A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling.
- CVE-2019-10174HIGHCVSS 8.8EG 8.8✓ Fixed in 9.4.17.Final2019-11-25
vulnerable: 9.0.0.Final ... 9.4.9.Final (62 versions)
A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use refle…
- CVE-2020-25711MEDIUMCVSS 6.5EG 6.5✓ Fixed in 11.0.6.Final2020-12-03
vulnerable: 10.0.0.Alpha1 ... 9.4.9.Final (263 versions)
A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations like shutting down t…
- CVE-2023-5384HIGHCVSS 7.2EG 7.2✓ Fixed in 14.0.25.Final2023-12-18
vulnerable: 10.0.0.Alpha1 ... 9.4.9.Final (368 versions)
A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials (JDBC store with connection pooling, remote store), the credentials are returned in clear text as part of the confi…
Check whether org.infinispan:infinispan-core is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.infinispan:infinispan-core CVEs against the assets you own.
Start Free Scan →