Lucene search
RedhatCVELIST:CVE-2018-1131HistoryMay 15, 2018 - 1:00 p.m.
CVE-2018-1131
2018-05-1513:00:00
CWE-349
redhat
www.cve.org
6
Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious object to a cache configured to accept certain types of objects, achieving code execution and possible further attacks. Versions 9.0.3.Final, 9.1.7.Final, 8.2.10.Final, 9.2.2.Final, 9.3.0.Alpha1 are believed to be affected.
CNA Affected
[
{
"product": "infinispan",
"vendor": "Red Hat, Inc.",
"versions": [
{
"status": "affected",
"version": "9.0.3.Final"
},
{
"status": "affected",
"version": "9.1.7.Final"
},
{
"status": "affected",
"version": "8.2.10.Final"
},
{
"status": "affected",
"version": "9.2.2.Final"
},
{
"status": "affected",
"version": "9.3.0.Alpha1"
}
]
}
]Related
redhatcve
redhatcve
CVE-2018-1131
2019-10-10 04:05:39
osv
osv
CVE-2018-1131
2018-05-15 13:29:00
Deserialization of Untrusted Data in Infinispan
2022-05-13 01:33:29
veracode
veracode
Remote Code Execution (RCE)
2018-05-16 05:11:35
github
github
Deserialization of Untrusted Data in Infinispan
2022-05-13 01:33:29
redhat
redhat
(RHSA-2018:1833) Important: Red Hat JBoss Data Grid 7.2.1 security update
2018-06-12 10:47:31
(RHSA-2019:3892) Important: Red Hat Fuse 7.5.0 security update
2019-11-14 21:15:16
prion
prion
Deserialization of untrusted data
2018-05-15 13:29:00
nvd
nvd
CVE-2018-1131
2018-05-15 13:29:00
cve
cve
CVE-2018-1131
2018-05-15 13:29:00