{"id":"CVE-2017-15089","details":"It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks.","aliases":["GHSA-46r5-59fg-2fjc"],"modified":"2026-03-20T11:18:10.979325Z","published":"2018-02-15T17:29:00.207Z","references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:0481"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:0501"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:0294"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:0478"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:0479"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:0480"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:1326"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1040360"},{"type":"FIX","url":"https://github.com/infinispan/infinispan/pull/5639"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/infinispan/infinispan","events":[{"introduced":"0"},{"last_affected":"268ed3e7b97455765d1c99d2077fa2ba7033c090"},{"introduced":"0"},{"last_affected":"b09f4e12a13afbbd33e5248f7d119008f49d961b"},{"introduced":"0"},{"last_affected":"c8d9c890f5b7250853fc324b9c003a4c234608a1"},{"introduced":"0"},{"last_affected":"f53f4894daca9922c5a01c11406588124f9ba0ba"},{"introduced":"0"},{"last_affected":"a033408817810a1f7f2cd12f5e8e272fc0cc0028"},{"introduced":"0"},{"last_affected":"504f165a5b57383e63bf07255692980c5b047bb2"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"9.1.6"},{"introduced":"0"},{"last_affected":"9.2.0-alpha1"},{"introduced":"0"},{"last_affected":"9.2.0-alpha2"},{"introduced":"0"},{"last_affected":"9.2.0-beta1"},{"introduced":"0"},{"last_affected":"9.2.0-beta2"},{"introduced":"0"},{"last_affected":"9.2.0-cr1"}]}}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-15089.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}