com.hazelcast:hazelcast 4.2-BETA-1 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the com.hazelcast:hazelcast package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
H Improper Authorization com.hazelcast:hazelcast is a clustering and highly scalable data distribution platform. Affected versions of this package are vulnerable to Improper Authorization due to missing permission checks on the Hazelcast client protocol. Authenticated users can access data stored in the cluster by exploiting this oversight. How to fix Improper Authorization? Upgrade `com.hazelcast:hazelcast` to version 5.2.5, 5.3.5 or higher.	[,5.2.5)[5.3.0,5.3.5)
M Improper Access Control com.hazelcast:hazelcast is a clustering and highly scalable data distribution platform. Affected versions of this package are vulnerable to Improper Access Control due to inadequate permission checking, within the SQL mapping for the `CSV File Source` connector. This could enable unauthorized clients to access data from files stored on a member's filesystem. How to fix Improper Access Control? Upgrade `com.hazelcast:hazelcast` to version 5.2.5, 5.3.5 or higher.	[,5.2.5)[5.3.0,5.3.5)
M Insufficiently Protected Credentials com.hazelcast:hazelcast is a clustering and highly scalable data distribution platform. Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the `ConfigXmlGenerator` component due to improper password masking in the member configurations. Exploiting this vulnerability allows Hazelcast Management Center users to view members' secrets. How to fix Insufficiently Protected Credentials? Upgrade `com.hazelcast:hazelcast` to version 5.1.6, 5.3.0 or higher.	[4.0-BETA-1,5.1.6)[5.2-BETA-1,5.3.0)

Vulnerability

Vulnerable Version

Improper Authorization

com.hazelcast:hazelcast is a clustering and highly scalable data distribution platform.

Affected versions of this package are vulnerable to Improper Authorization due to missing permission checks on the Hazelcast client protocol. Authenticated users can access data stored in the cluster by exploiting this oversight.

How to fix Improper Authorization?

Upgrade com.hazelcast:hazelcast to version 5.2.5, 5.3.5 or higher.

[,5.2.5)[5.3.0,5.3.5)

Improper Access Control

com.hazelcast:hazelcast is a clustering and highly scalable data distribution platform.

Affected versions of this package are vulnerable to Improper Access Control due to inadequate permission checking, within the SQL mapping for the CSV File Source connector. This could enable unauthorized clients to access data from files stored on a member's filesystem.

How to fix Improper Access Control?

Upgrade com.hazelcast:hazelcast to version 5.2.5, 5.3.5 or higher.

[,5.2.5)[5.3.0,5.3.5)

Insufficiently Protected Credentials

com.hazelcast:hazelcast is a clustering and highly scalable data distribution platform.

Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the ConfigXmlGenerator component due to improper password masking in the member configurations. Exploiting this vulnerability allows Hazelcast Management Center users to view members' secrets.

How to fix Insufficiently Protected Credentials?

Upgrade com.hazelcast:hazelcast to version 5.1.6, 5.3.0 or higher.

[4.0-BETA-1,5.1.6)[5.2-BETA-1,5.3.0)

com.hazelcast:hazelcast@4.2-BETA-1 vulnerabilities

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package manager

Direct Vulnerabilities

How to fix?