CVE-2022-37021
Apache Geode is vulnerable to deserialization of untrusted data when using JMX over RMI on Java 8 in versions up to 1.12.5, 1.13.4, and 1.14.0. The advised fix is to upgrade to Geode 1.15 with Java 11. If Java 11 is not possible, upgrade to Geode 1.15 and start Locators/Servers with --J=-Dgeode.e...