org.infinispan:infinispan-commons 9.0.0.CR1 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.infinispan:infinispan-commons package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
M Privilege Escalation org.infinispan:infinispan-commons is a data grid platform and highly scalable NoSQL cloud data store Affected versions of this package are vulnerable to Privilege Escalation. A vulnerability was found in Infinispan such that the `invokeAccessibly` method from the public class `ReflectionUtil` allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the application. How to fix Privilege Escalation? Upgrade `org.infinispan:infinispan-commons` to version 9.4.17.Final, 10.0.0.Final or higher.	[,9.4.17.Final)[10.0.0.Alpha1,10.0.0.Final)
H Deserialization of Untrusted Data org.infinispan:infinispan-commons is an open source data grid platform. Affected version of this package are vulnerable to Deserialization of Untrusted Data. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks. How to fix Deserialization of Untrusted Data? Upgrade `org.infinispan:infinispan-commons` to version 9.2.0.CR1 or higher.	[,9.2.0.CR1)

Vulnerability

Vulnerable Version

Privilege Escalation

org.infinispan:infinispan-commons is a data grid platform and highly scalable NoSQL cloud data store

Affected versions of this package are vulnerable to Privilege Escalation. A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the application.

How to fix Privilege Escalation?

Upgrade org.infinispan:infinispan-commons to version 9.4.17.Final, 10.0.0.Final or higher.

[,9.4.17.Final)[10.0.0.Alpha1,10.0.0.Final)

Deserialization of Untrusted Data

org.infinispan:infinispan-commons is an open source data grid platform.

Affected version of this package are vulnerable to Deserialization of Untrusted Data. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks.

How to fix Deserialization of Untrusted Data?

Upgrade org.infinispan:infinispan-commons to version 9.2.0.CR1 or higher.

[,9.2.0.CR1)

org.infinispan:infinispan-commons@9.0.0.CR1 vulnerabilities

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package manager

Direct Vulnerabilities

How to fix?