org.infinispan:infinispan-server-rest@12.1.10.Final vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.infinispan:infinispan-server-rest package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Access Restriction Bypass

org.infinispan:infinispan-server-rest is an Infinispan Rest Server.

Affected versions of this package are vulnerable to Access Restriction Bypass due to improper evaluation of the necessary admin permissions in the REST API, an attacker can access information outside of their intended permissions by exploiting the flaw in the cache retrieval endpoints.

How to fix Access Restriction Bypass?

Upgrade org.infinispan:infinispan-server-rest to version 14.0.26.Final, 15.0.0.Dev04 or higher.

[,14.0.26.Final) [15.0.0.CR1,15.0.0.Dev04)