Details

    • Sprint:
      Repo vulnerabilities sprint 2
    • Delivery Team:
      Feature Teams
    • Template:

      Description

      hazelcast-2.4.jar
      CVE-2016-10750
      CVSS3 Score 8.1

      In Hazelcast before 3.11, the cluster join procedure is vulnerable to remote code execution via Java deserialization. If an attacker can reach a listening Hazelcast instance with a crafted JoinRequest, and vulnerable classes exist in the classpath, the attacker can run arbitrary code.

       

        Attachments

          Structure

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                glazar George Lazar [X] (Inactive)
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Structure Helper Panel