Apache Geode versions prior to 1.15.0 are vulnerable to a deserialization of untrusted data flaw when using REST API on Java 8 or Java 11. Any user wishing to protect against deserialization attacks involving REST APIs should upgrade to Apache Geode 1.15 and follow the documentation for details on enabling "validate-serializable-objects=true" and specifying any user classes that may be serialized/deserialized with "serializable-object-filter". Enabling "validate-serializable-objects" may impact performance.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2022-08-31T07:00:16
Updated: 2024-08-03T10:21:32.603Z
Reserved: 2022-07-29T00:00:00
Link: CVE-2022-37023
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-08-31T07:15:07.420
Modified: 2024-11-21T07:14:18.380
Link: CVE-2022-37023
Redhat
No data.