Uploaded image for project: 'TinkerPop'
  1. TinkerPop
  2. TINKERPOP-2882

Vulnerability in com.hazelcase_hazelcast-3.7.8

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Not A Problem
    • 3.6.2
    • None
    • None
    • Patch, Important

    Description

      Vulnerability in com.hazelcase_hazelcast-3.7.8

      Need to update to hazelcast libraries.

      https://nvd.nist.gov/vuln/detail/CVE-2022-36437

      Package path...

      • /root/.groovy/grapes/com.hazelcast/hazelcast-all/jars/hazelcast-all-3.7.8.jar

      Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable. An attacker can abuse this for remote code execution because there are dependencies with exploitable gadget chains.

      Attachments

        Issue Links

          is a clone of

          Improvement - An improvement or enhancement to an existing feature or task. TINKERPOP-2881 Improper Authentication in Apache Shiro

          • Major - Major loss of function.
          • Closed
          is cloned by

          Improvement - An improvement or enhancement to an existing feature or task. TINKERPOP-2883 Vulnerability in Netty libraries

          • Major - Major loss of function.
          • Closed

          Activity

            People

              Unassigned Unassigned
              jfoscue Jim Foscue
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: