[ https://issues.apache.org/jira/browse/TINKERPOP-2882?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jim Foscue closed TINKERPOP-2882.
---------------------------------
Resolution: Not A Problem
> Vulnerability in com.hazelcase_hazelcast-3.7.8
> ----------------------------------------------
>
> Key: TINKERPOP-2882
> URL: https://issues.apache.org/jira/browse/TINKERPOP-2882
> Project: TinkerPop
> Issue Type: Improvement
> Affects Versions: 3.6.2
> Reporter: Jim Foscue
> Priority: Major
> Labels: Ironbank
>
> Vulnerability in com.hazelcase_hazelcast-3.7.8
> Need to update the hazelcast libraries.
> [https://nvd.nist.gov/vuln/detail/CVE-2022-36437]
> Package path:
> * /root/.groovy/grapes/com.hazelcast/hazelcast-all/jars/hazelcast-all-3.7.8.jar
> Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI service
> that arbitrarily deserializes Java objects, e.g., through setSessionVariable.
> An attacker can abuse this for remote code execution because there are
> dependencies with exploitable gadget chains.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)