High severity 8.8 · NVD Advisory · Published Feb 15, 2018 · Updated Jun 17, 2026
CVE-2017-15089
Description
It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.infinispan:infinispan-core (Maven) | < 9.2.0.CR1 | 9.2.0.CR1 |
Affected products
- Range: before 9.2.0.CR1
References
- github.com/infinispan/infinispan/pull/5639 (nvd; Patch, Third Party Advisory, WEB)
- www.securitytracker.com/id/1040360 (nvd; Third Party Advisory, VDB Entry)
- access.redhat.com/errata/RHSA-2018:0294 (nvd; Third Party Advisory, WEB)
- github.com/advisories/GHSA-46r5-59fg-2fjc (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2017-15089 (ghsa; ADVISORY)
- access.redhat.com/errata/RHSA-2018:0478 (nvd; WEB)
- access.redhat.com/errata/RHSA-2018:0479 (nvd; WEB)
- access.redhat.com/errata/RHSA-2018:0480 (nvd; WEB)
- access.redhat.com/errata/RHSA-2018:0481 (nvd; WEB)
- access.redhat.com/errata/RHSA-2018:0501 (nvd; WEB)
- access.redhat.com/errata/RHSA-2019:1326 (nvd; WEB)
- github.com/infinispan/infinispan/commit/1deadcb1c74ea0337abd5382c0150b000f6b106f (ghsa; WEB)
- github.com/infinispan/infinispan/commit/2944b0d1369a230bde88392b222921537c99331e (ghsa; WEB)