OESA-2024-1667
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1667
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2024-1667.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/OESA-2024-1667
- Upstream
- Published
- 2024-05-31T11:08:10Z
- Modified
- 2025-08-12T05:34:29.600643Z
- Summary
- infinispan security update
- Details
-
Infinispan is an extremely scalable, highly available data grid platform - 100% open source, and written in Java. The purpose of Infinispan is to expose a data structure that is highly concurrent, designed ground-up to make the most of modern multi-processor/multi-core architectures while at the same time providing distributed cache capabilities. At its core Infinispan exposes a Cache interface which extends java.util.Map. It is also optionally is backed by a peer-to-peer network architecture to distribute state efficiently around a data grid.
Security Fix(es):
A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the application.(CVE-2019-10174)
- Database specific
{ "severity": "High" }- References
Affected packages
openEuler:20.03-LTS-SP1 / infinispan
Package
- Name
- infinispan
- Purl
- pkg:rpm/openEuler/infinispan&distro=openEuler-20.03-LTS-SP1
openEuler:20.03-LTS-SP4 / infinispan
Package
- Name
- infinispan
- Purl
- pkg:rpm/openEuler/infinispan&distro=openEuler-20.03-LTS-SP4
openEuler:22.03-LTS / infinispan
Package
- Name
- infinispan
- Purl
- pkg:rpm/openEuler/infinispan&distro=openEuler-22.03-LTS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8.2.4-13.oe2203sp3
Ecosystem specific
{
"src": [
"infinispan-8.2.4-13.oe2203.src.rpm",
"infinispan-8.2.4-13.oe2203sp1.src.rpm",
"infinispan-8.2.4-13.oe2203sp2.src.rpm",
"infinispan-8.2.4-13.oe2203sp3.src.rpm"
],
"noarch": [
"infinispan-8.2.4-13.oe2203.noarch.rpm",
"infinispan-help-8.2.4-13.oe2203.noarch.rpm",
"infinispan-8.2.4-13.oe2203sp1.noarch.rpm",
"infinispan-help-8.2.4-13.oe2203sp1.noarch.rpm",
"infinispan-8.2.4-13.oe2203sp2.noarch.rpm",
"infinispan-help-8.2.4-13.oe2203sp2.noarch.rpm",
"infinispan-8.2.4-13.oe2203sp3.noarch.rpm",
"infinispan-help-8.2.4-13.oe2203sp3.noarch.rpm"
]
}
openEuler:22.03-LTS-SP1 / infinispan
Package
- Name
- infinispan
- Purl
- pkg:rpm/openEuler/infinispan&distro=openEuler-22.03-LTS-SP1
openEuler:22.03-LTS-SP2 / infinispan
Package
- Name
- infinispan
- Purl
- pkg:rpm/openEuler/infinispan&distro=openEuler-22.03-LTS-SP2