Vulnerability	Vulnerable Version
H Deserialization of Untrusted Data com.hazelcast:hazelcast-all is a clustering and highly scalable data distribution platform. Affected versions of this package are vulnerable to Deserialization of Untrusted Data. If an attacker could reach a listening `Hazelcast` instance with a crafted `<code>JoinRequest</code>`, and vulnerable classes are also on the `classpath`, they could run arbitrary shell commands. Hazelcast would blindly deserialize any object it receives in that request stream. How to fix Deserialization of Untrusted Data? Upgrade `com.hazelcast:hazelcast-all` to version 3.10.1 or higher.	[,3.10.1)

Deserialization of Untrusted Data

com.hazelcast:hazelcast-all is a clustering and highly scalable data distribution platform.

Affected versions of this package are vulnerable to Deserialization of Untrusted Data. If an attacker could reach a listening Hazelcast instance with a crafted <code>JoinRequest</code>, and vulnerable classes are also on the classpath, they could run arbitrary shell commands. Hazelcast would blindly deserialize any object it receives in that request stream.

How to fix Deserialization of Untrusted Data?

Upgrade com.hazelcast:hazelcast-all to version 3.10.1 or higher.

[,3.10.1)

Go back to all versions of this package