- Type: Sub-task
- Status: Done
- Resolution: Done
- Affects Version/s: 5.2
- Fix Version/s: 5.2.N
- Component/s: Share Application
- Labels: None
- Sprint: Repo vulnerabilities sprint 2
- Delivery Team: Feature Teams
hazelcast-2.4.jar | CVE-2016-10750 | CVSS3 Score 8.1
In Hazelcast before 3.11, the cluster join procedure is vulnerable to remote code execution via Java deserialization. If an attacker can reach a listening Hazelcast instance with a crafted JoinRequest, and vulnerable classes exist in the classpath, the attacker can run arbitrary code.