Red hat data grid

This hub aggregates every CVE we track for Red hat data grid, a product in the databases space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Red hat data grid.

• CVE-2025-0736Org.infinispan-infinispan-parent: exposure of sensitive information in application logs5.5Jan 28, 2025
• CVE-2024-12798JaninoEventEvaluator vulnerability7.3Dec 19, 2024
• CVE-2024-31141Apache Kafka Clients: Privilege escalation to filesystem read-access via automatic ConfigProvider6.5Nov 19, 2024
• CVE-2024-38809Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to DoS attack. Users of affected versions should upgrade to the corresponding fixed version. Users ...5.3Sep 27, 2024
• CVE-2024-4067Regular Expression Denial of Service in micromatch5.3May 13, 2024
• CVE-2023-26159Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, ...7.3Jan 2, 2024
• CVE-2023-31582jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less.7.5Oct 24, 2023
• CVE-2022-4245Codehaus-plexus: xml external entity (xxe) injection4.3Sep 25, 2023
• CVE-2022-4244Codehaus-plexus: directory traversal7.5Sep 25, 2023
• CVE-2023-34462netty-handler SniHandler 16MB allocation6.5Jun 22, 2023
• CVE-2023-35116jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that ...4.7Jun 14, 2023
• CVE-2021-46877jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving Jso...7.5Mar 18, 2023
• CVE-2022-41966XStream Denial of Service via stack overflow 8.2Dec 27, 2022
• CVE-2022-45047Apache MINA SSHD: Java unsafe deserialization vulnerability9.8Nov 16, 2022
• CVE-2022-37866Apache Ivy allows path traversal in the presence of a malicious repository7.5Nov 7, 2022