Lucene search
GoogleOSV:GHSA-QQFC-M9HC-PQV3HistoryMay 13, 2022 - 1:33 a.m.
Deserialization of Untrusted Data in Infinispan
2022-05-1301:33:29
Google
osv.dev
11
infinispan
deserialization
untrusted data
xml
json
code execution
security issue
versions affected
EPSS
0.003
Percentile
68.1%
Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious object to a cache configured to accept certain types of objects, achieving code execution and possible further attacks. Versions 9.0.3.Final, 9.1.7.Final, 8.2.10.Final, 9.2.2.Final, 9.3.0.Alpha1 are believed to be affected.
Related
veracode
veracode
Remote Code Execution (RCE)
2018-05-16 05:11:35
github
github
Deserialization of Untrusted Data in Infinispan
2022-05-13 01:33:29
redhatcve
redhatcve
CVE-2018-1131
2019-10-10 04:05:39
osv
osv
CVE-2018-1131
2018-05-15 13:29:00
cvelist
cvelist
CVE-2018-1131
2018-05-15 13:00:00
redhat
redhat
(RHSA-2018:1833) Important: Red Hat JBoss Data Grid 7.2.1 security update
2018-06-12 10:47:31
(RHSA-2019:3892) Important: Red Hat Fuse 7.5.0 security update
2019-11-14 21:15:16
prion
prion
Deserialization of untrusted data
2018-05-15 13:29:00
nvd
nvd
CVE-2018-1131
2018-05-15 13:29:00
cve
cve
CVE-2018-1131
2018-05-15 13:29:00