It was found that the Hotrod client in Infinispan prior to 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
infinispan infinispan 9.2.0 |
||
infinispan infinispan |