A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan’s privileges. The attacker can use reflection to introduce new, malicious behavior into the application.
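The pattern described above, shown as an added example that is not Infinispan's code: a public helper that lifts access checks for whatever method the caller passes in, beside a variant that refuses non-public methods. The names `Account`, `InvokeAccessiblyDemo` and `invokePublicOnly`, and the simplified `invokeAccessibly` signature, are assumptions made for illustration.

```java
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;

// Constructed stand-in for a class whose private method must stay unreachable
// from other classes.
class Account {
    private String resetOwner() { return "owner reset"; }
    public String name() { return "demo"; }
}

public class InvokeAccessiblyDemo {

    // Weak pattern (illustrative stand-in, not the project's source): a public
    // static helper that calls setAccessible(true) on a caller-supplied Method.
    // Any class that can reach the helper can reach private methods through it.
    public static Object invokeAccessibly(Object target, Method m, Object... args)
            throws Exception {
        m.setAccessible(true);          // suppresses Java language access checks
        return m.invoke(target, args);
    }

    // Hardened pattern (one possible mitigation, assumed for this example):
    // never lift access checks on a caller's behalf; reject non-public methods.
    public static Object invokePublicOnly(Object target, Method m, Object... args)
            throws Exception {
        if (!Modifier.isPublic(m.getModifiers())) {
            throw new IllegalAccessException("refusing non-public method: " + m.getName());
        }
        return m.invoke(target, args);  // normal access checks still apply
    }

    public static void main(String[] unused) throws Exception {
        Account acct = new Account();
        Method priv = Account.class.getDeclaredMethod("resetOwner");
        Method pub = Account.class.getMethod("name");

        // The weak helper runs the private method for any caller.
        System.out.println("weak helper:     " + invokeAccessibly(acct, priv));

        // The hardened helper rejects the same request but still serves public calls.
        try {
            invokePublicOnly(acct, priv);
        } catch (IllegalAccessException e) {
            System.out.println("hardened helper: " + e.getMessage());
        }
        System.out.println("hardened helper: " + invokePublicOnly(acct, pub));
    }
}
```

When auditing a code base for the same pattern, look for public methods that call `setAccessible(true)` on a `Method`, `Field` or `Constructor` received from the caller.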
access.redhat.com/errata/RHSA-2020:0481
access.redhat.com/errata/RHSA-2020:0727
bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10174
github.com/infinispan/infinispan
github.com/infinispan/infinispan/commit/5dbb05cfaca01a1a66732b82a0f5ba615ccbd214
github.com/infinispan/infinispan/commit/7bdc2822ccf79127a488130239c49a5e944e3ca2
nvd.nist.gov/vuln/detail/CVE-2019-10174
security.netapp.com/advisory/ntap-20220210-0018