16 matches found

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-2493

Malicious code in bioql PyPI...

9.6 CVSS, 8.1 AI score, 0.00944 EPSS
Exploits: 1, References: 5

IBM Security Bulletins
added 2025/03/14 1:33 p.m., 9 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to arbitrary code execution due to redisson-3.17.7 (CVE-2023-42809)

Summary redisson is used by DataStage on Cloud Pak for Data as part of the Redis Java client. Vulnerability Details CVEID:CVE-2023-42809 DESCRIPTION: Redisson could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By persuading a victim to...

9.6 CVSS, 7.6 AI score, 0.00944 EPSS
Exploits: 1, Affected Software: 1

RedhatCVE
added 2024/08/06 9:48 a.m., 29 views

CVE-2023-42809

Deserialization of untrusted data vulnerability was found in Redisson, as some messages received from the Redis server contain Java objects that the client deserializes without further validation. This flaw allows attackers who manage to trick clients into communicating with a malicious server to...

8.8 CVSS, 7.5 AI score, 0.00944 EPSS
Exploits: 1, References: 6

vulnersOsv
added 2024/08/05 9:29 p.m., 2 views

ai.grakn:grakn-dist (=0.16.0), ai.grakn:grakn-engine (=0.16.0) +1568 more potentially affected by CVE-2023-42809 via org.redisson:redisson (>=1.0.1 <=3.21.3)

org.redisson:redisson MAVEN version =1.0.1, =1.0, =1.2.1, =1.0.0, =2.2.13.RELEASE, =1.3.0, =1.0.0, =1.0.0, =0.0.1, =1.0.3 and more Source cves: CVE-2023-42809 Source advisory: OSV:GHSA-4HVC-QWR2-F8RV...

9.6 CVSS, 7.2 AI score, 0.00944 EPSS
Exploits: 1

Github Security Blog
added 2024/08/05 9:29 p.m., 30 views

Redisson vulnerable to Deserialization of Untrusted Data

Redisson is a Java Redis client that uses the Netty framework. Prior to version 3.22.0, some of the messages received from the Redis server contain Java objects that the client deserializes without further validation. Attackers that manage to trick clients into communicating with a malicious serv...

9.6 CVSS, 7.5 AI score, 0.00944 EPSS
Exploits: 1, References: 4, Affected Software: 1

OSV
added 2024/08/05 9:29 p.m., 15 views

GHSA-4HVC-QWR2-F8RV Redisson vulnerable to Deserialization of Untrusted Data

Redisson is a Java Redis client that uses the Netty framework. Prior to version 3.22.0, some of the messages received from the Redis server contain Java objects that the client deserializes without further validation. Attackers that manage to trick clients into communicating with a malicious serv...

9.6 CVSS, 9.4 AI score, 0.00944 EPSS
Exploits: 1, References: 4

IBM Security Bulletins
added 2023/11/15 2:47 p.m., 58 views

Security Bulletin: Security Vulnerabilities in redisson package affect IBM Voice Gateway

Summary Security Vulnerabilities in redisson package affect the SMS Gateway component of IBM Voice Gateway Vulnerability Details CVEID: CVE-2023-42809 DESCRIPTION: Redisson could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By persuadi...

9.6 CVSS, 7.9 AI score, 0.00944 EPSS
Exploits: 1, Affected Software: 1

NVD
added 2023/10/04 8:15 p.m., 10 views

CVE-2023-42809

Redisson is a Java Redis client that uses the Netty framework. Prior to version 3.22.0, some of the messages received from the Redis server contain Java objects that the client deserializes without further validation. Attackers that manage to trick clients into communicating with a malicious serv...

9.6 CVSS, 9.7 AI score, 0.00944 EPSS
Exploits: 1, References: 2

Prion
added 2023/10/04 8:15 p.m., 15 views

Deserialization of untrusted data

Redisson is a Java Redis client that uses the Netty framework. Prior to version 3.22.0, some of the messages received from the Redis server contain Java objects that the client deserializes without further validation. Attackers that manage to trick clients into communicating with a malicious serv...

6.8 CVSS, 9 AI score, 0.00944 EPSS
Exploits: 1, References: 2, Affected Software: 1

Vulnrichment
added 2023/10/04 7:18 p.m., 16 views

CVE-2023-42809 Redisson unsafe deserialization vulnerability

Redisson is a Java Redis client that uses the Netty framework. Prior to version 3.22.0, some of the messages received from the Redis server contain Java objects that the client deserializes without further validation. Attackers that manage to trick clients into communicating with a malicious serv...

9.6 CVSS, 7.9 AI score, 0.00944 EPSS
Exploits: 1, References: 2

CVE
added 2023/10/04 7:18 p.m., 65 views

CVE-2023-42809

CVE-2023-42809 affects the Redisson Java Redis client (Netty). Before version 3.22.0, responses from a malicious Redis server could contain crafted Java objects that are deserialized by the client without sufficient validation, enabling arbitrary code execution and potential full system compromis...

9.6 CVSS, 9.4 AI score, 0.00944 EPSS
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2023/10/04 7:18 p.m., 12 views

CVE-2023-42809 Redisson unsafe deserialization vulnerability

Redisson is a Java Redis client that uses the Netty framework. Prior to version 3.22.0, some of the messages received from the Redis server contain Java objects that the client deserializes without further validation. Attackers that manage to trick clients into communicating with a malicious serv...

9.6 CVSS, 9.8 AI score, 0.00944 EPSS
Exploits: 1, References: 2

OSV
added 2023/10/04 7:18 p.m., 15 views

CVE-2023-42809 Redisson unsafe deserialization vulnerability

Redisson is a Java Redis client that uses the Netty framework. Prior to version 3.22.0, some of the messages received from the Redis server contain Java objects that the client deserializes without further validation. Attackers that manage to trick clients into communicating with a malicious serv...

9.6 CVSS, 8.4 AI score, 0.00944 EPSS
Exploits: 1, References: 4

Positive Technologies
added 2023/10/04 12:0 a.m., 2 views

PT-2023-28595 · Oracle · Java

Name of the Vulnerable Software and Affected Versions: Redisson versions prior to 3.22.0 Description: The issue concerns a Java Redis client that uses the Netty framework. Prior to version 3.22.0, some messages received from the Redis server contain Java objects that the client deserializes witho...

9.6 CVSS, 8.2 AI score, 0.00944 EPSS
Exploits: 1, References: 8

CNNVD
added 2023/10/04 12:0 a.m., 1 views

Redisson Code Issue Vulnerability

Redisson is a Java memory-resident data grid from Redisson open source. A code issue vulnerability exists in Redisson version 3.22.0, which stems from the fact that some messages received from a Redis server contain client-side deserialized Java objects without further validation, which can be...

9.6 CVSS, 7.5 AI score, 0.00944 EPSS
Exploits: 1, References: 3

Veracode
added 2020/02/20 10:5 a.m., 11 views

Information Disclosure

redisson is vulnerable to information disclosure. The vulnerability exists because the exception message generated in the LogHelper file by the function LogHelper.toString, when called with a single object as argument, does not obscure the Redis password, causing the sensitive information to be logged as plaintext...

0.7 AI score
Exploits: 0