14 lines
1.4 KiB
JSON
14 lines
1.4 KiB
JSON
{
|
|
"id": "openEuler-SA-2024-1667",
|
|
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1667",
|
|
"title": "An update for infinispan is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
|
|
"severity": "Important",
|
|
"description": "Infinispan is an extremely scalable, highly available data grid platform - 100% open source, and written in Java. The purpose of Infinispan is to expose a data structure that is highly concurrent, designed ground-up to make the most of modern multi-processor/multi-core architectures while at the same time providing distributed cache capabilities. At its core Infinispan exposes a Cache interface which extends java.util.Map. It is also optionally is backed by a peer-to-peer network architecture to distribute state efficiently around a data grid.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the application.(CVE-2019-10174)",
|
|
"cves": [
|
|
{
|
|
"id": "CVE-2019-10174",
|
|
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10174",
|
|
"severity": "Important"
|
|
}
|
|
]
|
|
} |