It was found that the Hot Rod client in Infinispan before 9.2.0.CR1 would unsafely deserialize data read from the cache. An authenticated attacker could inject a malicious object into the data cache, have it deserialized on the client, and possibly conduct further attacks.
{ "severity": "HIGH", "github_reviewed_at": "2022-07-01T19:46:46Z", "cwe_ids": [ "CWE-502" ], "github_reviewed": true, "nvd_published_at": "2018-02-15T17:29:00Z" }