Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious object to a cache configured to accept certain types of objects, achieving code execution and possible further attacks. Versions 9.0.3.Final, 9.1.7.Final, 8.2.10.Final, 9.2.2.Final, 9.3.0.Alpha1 are believed to be affected.
| Software | From | Fixed in |
|---|---|---|
| infinispan / infinispan | 9.3.0-alpha1 | 9.3.0-alpha1.x |
| infinispan / infinispan | 9.2.2 | 9.2.2.x |
| infinispan / infinispan | 8.2.10 | 8.2.10.x |
| infinispan / infinispan | 9.1.7 | 9.1.7.x |
| infinispan / infinispan | 9.0.3 | 9.0.3.x |
| redhat / jboss_data_grid | 7.2 | 7.2.x |
| org.infinispan / infinispan-core | 8.2.10.Final | 8.2.10.final.x |
| org.infinispan / infinispan-core | 9.0.3.Final | 9.0.3.final.x |
| org.infinispan / infinispan-core | 9.1.7.Final | 9.1.7.final.x |
| org.infinispan / infinispan-core | 9.2.2.Final | 9.2.2.final.x |
| org.infinispan / infinispan-core | 9.3.0.Alpha1 | 9.3.0.alpha1.x |
| org.infinispan / infinispan-core | 9.3.0.Alpha1 | 9.3.1.Final |