GHSA-h47x-2j37-fw5m
Suggest an improvement- Source
- https://github.com/advisories/GHSA-h47x-2j37-fw5m
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-h47x-2j37-fw5m/GHSA-h47x-2j37-fw5m.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-h47x-2j37-fw5m
- Aliases
- Published
- 2022-05-24T17:01:50Z
- Modified
- 2024-02-20T05:34:46.685094Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Use of Externally-Controlled Input to Select Classes or Code in Infinispan
- Details
-
A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the application.
- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2019-10174
- https://github.com/infinispan/infinispan/commit/5dbb05cfaca01a1a66732b82a0f5ba615ccbd214
- https://github.com/infinispan/infinispan/commit/7bdc2822ccf79127a488130239c49a5e944e3ca2
- https://access.redhat.com/errata/RHSA-2020:0481
- https://access.redhat.com/errata/RHSA-2020:0727
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10174
- https://github.com/infinispan/infinispan
- https://security.netapp.com/advisory/ntap-20220210-0018
Affected packages
Maven / org.infinispan:infinispan-core
Package
- Name
- org.infinispan:infinispan-core
- View open source insights on deps.dev
- Purl
- pkg:maven/org.infinispan/infinispan-core
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8.2.12.Final
Affected versions
5.*
5.0.0.FINAL
5.0.1.FINAL
5.1.0.ALPHA1
5.1.0.ALPHA2
5.1.0.BETA1
5.1.0.BETA2
5.1.0.BETA3
5.1.0.BETA4
5.1.0.BETA5
5.1.0.CR1
5.1.0.CR2
5.1.0.CR3
5.1.0.CR4
5.1.0.FINAL
5.1.1.CR1
5.1.1.FINAL
5.1.2.CR1
5.1.2.FINAL
5.1.3.CR1
5.1.3.FINAL
5.1.4.CR1
5.1.4.FINAL
5.1.5.CR1
5.1.5.FINAL
5.1.6.FINAL
5.1.7.Final
5.1.8.Final
5.2.0.ALPHA1
5.2.0.ALPHA2
5.2.0.Alpha3
5.2.0.Alpha4
5.2.0.Beta1
5.2.0.Beta2
5.2.0.Beta3
5.2.0.Beta4
5.2.0.Beta5
5.2.0.Beta6
5.2.0.CR1
5.2.0.CR2
5.2.0.CR3
5.2.0.Final
5.2.1.Final
5.2.2.Final
5.2.3.Final
5.2.4.Final
5.2.5.Final
5.2.6.Final
5.2.7.Final
5.2.7-wolfc-1
5.2.8.CR1
5.2.8.Final
5.2.9.Final
5.2.10.Final
5.2.11.CR1
5.2.11.Final
5.2.12.Final
5.2.13.Final
5.2.14.Final
5.2.15.Final
5.2.18.Final
5.2.19.Final
5.2.20.Final
5.3.0.Alpha1
5.3.0.Beta1
5.3.0.Beta2
5.3.0.CR1
5.3.0.CR2
5.3.0.Final
6.*
6.0.0.Alpha1
6.0.0.Alpha2
6.0.0.Alpha3
6.0.0.Alpha4
6.0.0.Beta1
6.0.0.Beta2
6.0.0.CR1
6.0.0.Final
6.0.1.Final
6.0.2.Final
7.*
7.0.0.Alpha1
7.0.0.Alpha2
7.0.0.Alpha3
7.0.0.Alpha4
7.0.0.Alpha5
7.0.0.Beta1
7.0.0.Beta2
7.0.0.CR1
7.0.0.CR2
7.0.0.Final
7.0.1.Final
7.0.2.Final
7.0.3.Final
7.1.0.Alpha1
7.1.0.Beta1
7.1.0.CR1
7.1.0.CR2
7.1.0.Final
7.1.1.Final
7.2.0.Alpha1
7.2.0.Beta1
7.2.0.Beta2
7.2.0.CR1
7.2.0.Final
7.2.1.Final
7.2.2.Final
7.2.3.Final
7.2.4.Final
7.2.5.Final
8.*
8.0.0.Alpha1
8.0.0.Alpha2
8.0.0.Beta1
8.0.0.Beta2
8.0.0.Beta3
8.0.0.CR1
8.0.0.Final
8.0.1.Final
8.0.2.Final
8.1.0.Alpha1
8.1.0.Alpha2
8.1.0.Beta1
8.1.0.CR1
8.1.0.Final
8.1.1.Final
8.1.2.Final
8.1.3.Final
8.1.4.Final
8.1.5.Final
8.1.6.Final
8.1.7.Final
8.1.8.Final
8.1.9.Final
8.2.0.Beta1
8.2.0.Beta2
8.2.0.CR1
8.2.0.Final
8.2.1.Final
8.2.2.Final
8.2.3.Final
8.2.4.Final
8.2.5.Final
8.2.6.Final
8.2.7.Final
8.2.8.Final
8.2.10.Final
8.2.11.Final
Maven / org.infinispan:infinispan-core
Package
- Name
- org.infinispan:infinispan-core
- View open source insights on deps.dev
- Purl
- pkg:maven/org.infinispan/infinispan-core
Affected versions
9.*
9.0.0.Final
9.0.1.Final
9.0.2.Final
9.0.3.Final
9.1.0.Alpha1
9.1.0.Beta1
9.1.0.CR1
9.1.0.Final
9.1.1.Final
9.1.2.Final
9.1.3.Final
9.1.4.Final
9.1.5.Final
9.1.6.Final
9.1.7.Final
9.2.0.Alpha1
9.2.0.Alpha2
9.2.0.Beta1
9.2.0.Beta2
9.2.0.CR1
9.2.0.CR2
9.2.0.CR3
9.2.0.Final
9.2.1.Final
9.2.2.Final
9.2.3.Final
9.2.4.Final
9.2.5.Final
9.3.0.Alpha1
9.3.0.Beta1
9.3.0.CR1
9.3.0.Final
9.3.1.Final
9.3.2.Final
9.3.3.Final
9.3.4.Final
9.3.5.Final
9.3.6.Final
9.3.8.Final
9.3.9.Final
9.4.0.Alpha1
9.4.0.Beta1
9.4.0.CR1
9.4.0.CR2
9.4.0.CR3
9.4.0.Final
9.4.1.Final
9.4.2.Final
9.4.3.Final
9.4.4.Final
9.4.5.Final
9.4.6.Final
9.4.7.Final
9.4.8.Final
9.4.9.Final
9.4.10.Final
9.4.11.Final
9.4.12.Final
9.4.13.Final
9.4.14.Final
9.4.15.Final
9.4.16.Final