It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| org.infinispan:infinispan-core(Maven) | 0 | 9.2.0.CR1 | N/A |
CVSS Metrics
