Homepage
About Snyk

com.hazelcast:hazelcast@3.12.13 vulnerabilities

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the com.hazelcast:hazelcast package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Improper Authorization

com.hazelcast:hazelcast is a clustering and highly scalable data distribution platform.

Affected versions of this package are vulnerable to Improper Authorization due to missing permission checks on the Hazelcast client protocol. Authenticated users can access data stored in the cluster by exploiting this oversight.

How to fix Improper Authorization?

Upgrade com.hazelcast:hazelcast to version 5.2.5, 5.3.5 or higher.

[,5.2.5) [5.3.0,5.3.5)
  • M
Improper Access Control

com.hazelcast:hazelcast is a clustering and highly scalable data distribution platform.

Affected versions of this package are vulnerable to Improper Access Control due to inadequate permission checking, within the SQL mapping for the CSV File Source connector. This could enable unauthorized clients to access data from files stored on a member's filesystem.

How to fix Improper Access Control?

Upgrade com.hazelcast:hazelcast to version 5.3.5 or higher.

[,5.3.5)
Go back to all versions of this package