Infinispan CVE-2018-1131 Remote Code Execution Vulnerability

Bugtraq ID:	104218
Class:	Input Validation Error
CVE:	CVE-2018-1131
Remote:	Yes
Local:	No
Published:	May 14 2018 12:00AM
Updated:	May 14 2018 12:00AM
Credit:	Unknown
Vulnerable:	Redhat JBoss Data Grid 7.0.0 infinispan infinispan 9.3.0.Alpha1 infinispan infinispan 9.2.2.Final infinispan infinispan 9.1.7.Final infinispan infinispan 9.0.3.Final infinispan infinispan 8.2.10.Final
Not Vulnerable:

Infinispan CVE-2018-1131 Remote Code Execution Vulnerability

Infinispan is prone to a remote code-execution vulnerability.

Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application.

Infinispan 9.0.3.Final, 9.1.7.Final, 8.2.10.Final, 9.2.2.Final, and 9.3.0.Alpha1 are vulnerable; other versions are also affected.

Infinispan CVE-2018-1131 Remote Code Execution Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Infinispan CVE-2018-1131 Remote Code Execution Vulnerability

References:

• Infinispan Homepage (infinispan)
  
• Bug 1576492 CVE-2018-1131 infinispan: deserialization of data in XML and JSON tr (Redhat)
  
• CVE-2018-1131 (Redhat)