In Hazelcast prior to 3.11, the cluster join procedure is vulnerable to remote code execution via Java deserialization. If an attacker can reach a listening Hazelcast instance with a crafted JoinRequest, and vulnerable classes exist in the classpath, the attacker can run arbitrary code.
Vulnerable Product: hazelcast hazelcast
Cluster tech vulnerability means either patching or port tinkering could be on the cards
Atlassian has demonstrated the interconnectedness of all things with a warning that some versions of Bitbucket Data Center and Confluence Data Center require patching courtesy of the Hazelcast Java deserialization vulnerability. Hazelcast is an in-memory data grid and spreads data over the nodes of a cluster and is used for efficiency and performance via its in-memory tech. It is also relatively environment agnostic, running happily on-premises or in Microsoft, Amazon, and Google's clouds. The v...