CVE-2018-1131
N/A
N/A
Summary
Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious object to a cache configured to accept certain types of objects, achieving code execution and possible further attacks. Versions 9.0.3.Final, 9.1.7.Final, 8.2.10.Final, 9.2.2.Final, 9.3.0.Alpha1 are believed to be affected.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat, Inc. | infinispan | 9.0.3.Final | affected |
| Red Hat, Inc. | infinispan | 9.1.7.Final | affected |
| Red Hat, Inc. | infinispan | 8.2.10.Final | affected |
| Red Hat, Inc. | infinispan | 9.2.2.Final | affected |
| Red Hat, Inc. | infinispan | 9.3.0.Alpha1 | affected |
Weaknesses
- CWE-349: CWE-349
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.redhat.com/show_bug.cgi?id=1576492
- http://www.securityfocus.com/bid/104218
- https://access.redhat.com/errata/RHSA-2018:1833
- https://access.redhat.com/errata/RHSA-2019:3892
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1576492
- http://www.securityfocus.com/bid/104218
- https://access.redhat.com/errata/RHSA-2018:1833
- https://access.redhat.com/errata/RHSA-2019:3892
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.