The Hot Rod Java client in Infinispan prior to 9.1.0.Final automatically deserializes byte-array message contents in certain events. A malicious user could exploit this flaw by injecting a specially crafted serialized object to attain remote code execution or conduct other attacks.
Vulnerable Product |
---|
infinispan infinispan |