Vulnerability	Vulnerable Version
H Deserialization of Untrusted Data com.hazelcast:hazelcast-spring is a Hazelcast Spring Data integration Project. Affected versions of this package are vulnerable to Deserialization of Untrusted Data. If an attacker could reach a listening `Hazelcast` instance with a crafted `<code>JoinRequest</code>`, and vulnerable classes are also on the `classpath`, they could run arbitrary shell commands. Hazelcast would blindly deserialize any object it receives in that request stream. How to fix Deserialization of Untrusted Data? Upgrade `com.hazelcast:hazelcast-spring` to version 3.10.1 or higher.	[,3.10.1)

Deserialization of Untrusted Data

com.hazelcast:hazelcast-spring is a Hazelcast Spring Data integration Project.

Affected versions of this package are vulnerable to Deserialization of Untrusted Data. If an attacker could reach a listening Hazelcast instance with a crafted <code>JoinRequest</code>, and vulnerable classes are also on the classpath, they could run arbitrary shell commands. Hazelcast would blindly deserialize any object it receives in that request stream.

How to fix Deserialization of Untrusted Data?

Upgrade com.hazelcast:hazelcast-spring to version 3.10.1 or higher.

[,3.10.1)

Go back to all versions of this package