Org.infinispan:infinispan-core
This hub aggregates every CVE we track for Org.infinispan:infinispan-core, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
6
CVEs tracked
1
Critical
4
High
0
In CISA KEV
Severity distribution
HIGH4MEDIUM1CRITICAL1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 6 most recently published vulnerabilities affecting Org.infinispan:infinispan-core.
- CVE-2023-5384Infinispan: credentials returned from configuration as clear text7.2
- CVE-2020-25711A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication c...6.5
- CVE-2019-10158A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling.9.8
- CVE-2019-10174A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispa...8.8
- CVE-2018-1131Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious o...8.8
- CVE-2017-15089It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object int...8.8
Product normalization is registry-driven with AI assist and human review. How it works