The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2018-09-11T13:00:00
Updated: 2024-08-05T22:30:04.027Z
Reserved: 2015-12-16T00:00:00
Link: CVE-2016-0750
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-09-11T13:29:00.433
Modified: 2024-11-21T02:42:18.180
Link: CVE-2016-0750
Redhat