RSS   Vulnerabilities for 'Hazelcast'   RSS

2022-03-03
 
CVE-2022-0265

CWE-611
 

 
Improper Restriction of XML External Entity Reference in GitHub repository hazelcast/hazelcast prior to 5.1.

 
2019-05-22
 
CVE-2016-10750

CWE-502
 

 
In Hazelcast before 3.11, the cluster join procedure is vulnerable to remote code execution via Java deserialization. If an attacker can reach a listening Hazelcast instance with a crafted JoinRequest, and vulnerable classes exist in the classpath, the attacker can run arbitrary code.

 


Copyright 2024, cxsecurity.com

 

Back to Top