Lucene search
GoogleOSV:GHSA-JV65-PF7V-F7P8HistoryMay 24, 2022 - 4:46 p.m.
Deserialization of Untrusted Data in Hazelcast
2022-05-2416:46:09
Google
osv.dev
48
hazelcast
deserialization
remote code execution
java deserialization
EPSS
0.026
Percentile
90.4%
In Hazelcast before 3.11, the cluster join procedure is vulnerable to remote code execution via Java deserialization. If an attacker can reach a listening Hazelcast instance with a crafted JoinRequest, and vulnerable classes exist in the classpath, the attacker can run arbitrary code.
Related
prion
prion
Remote code execution
2019-05-22 14:29:00
nvd
nvd
CVE-2016-10750
2019-05-22 14:29:00
cvelist
cvelist
CVE-2016-10750
2019-05-22 13:40:06
osv
osv
CVE-2016-10750
2019-05-22 14:29:00
nessus
nessus
atlassian
atlassian
cve
cve
CVE-2016-10750
2019-05-22 14:29:00
github
github
Deserialization of Untrusted Data in Hazelcast
2022-05-24 16:46:09
veracode
veracode
Remote Code Execution Through Deserialisation
2019-05-23 04:41:04
redhat
redhat
(RHSA-2019:2413) Important: Red Hat Fuse 7.4.0 security update
2019-08-08 10:07:26