org.infinispan:infinispan-core (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package org.infinispan:infinispan-core, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (6)
CVE-2019-10158 — CVSS 9.8 (critical): A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring…
CVE-2017-15089 — CVSS 8.8 (high): It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An…
CVE-2018-1131 — CVSS 8.8 (high): Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with…
CVE-2019-10174 — CVSS 8.8 (high): A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application…
CVE-2023-5384 — CVSS 7.2 (high): A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials (JDBC store…
CVE-2020-25711 — CVSS 6.5 (medium): A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management…