Com.hazelcast:hazelcast

This hub aggregates every CVE we track for Com.hazelcast:hazelcast, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 7 most recently published vulnerabilities affecting Com.hazelcast:hazelcast.

• CVE-2023-45859In Hazelcast through 4.1.10, 4.2 through 4.2.8, 5.0 through 5.0.5, 5.1 through 5.1.7, 5.2 through 5.2.4, and 5.3 through 5.3.2, some client operations don't check permissions properly, allowing aut...7.6Feb 28, 2024
• CVE-2023-45860In Hazelcast Platform through 5.3.4, a security issue exists within the SQL mapping for the CSV File Source connector. This issue arises from inadequate permission checking, which could enable unau...6.5Feb 16, 2024
• CVE-2023-33265In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, executor services don't check client permissions properly, allowing authenticated users to execute tasks on members without the...8.8Jul 18, 2023
• CVE-2023-33264In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, configuration routines don't mask passwords in the member configuration properly. This allows Hazelcast Management Center users...4.3May 22, 2023
• CVE-2022-36437The Connection handler in Hazelcast and Hazelcast Jet allows a remote unauthenticated attacker to access and manipulate data in the cluster with the identity of another already authenticated connec...9.1Dec 29, 2022
• CVE-2022-0265Improper Restriction of XML External Entity Reference in hazelcast/hazelcast9.8Mar 3, 2022
• CVE-2016-10750In Hazelcast before 3.11, the cluster join procedure is vulnerable to remote code execution via Java deserialization. If an attacker can reach a listening Hazelcast instance with a crafted JoinRequ...8.1May 22, 2019