CVE-2016-0750

Summary

The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks.

Affected Software

VendorProductVersion RangeStatus
Red HatInfinispan9.1.0.Finalaffected

Weaknesses

  • CWE-138: CWE-138

ADP Enrichment

CVE Program Container

Additional References

References