CVE-2016-0750
Published
CVSS v3
N/A
CVSS v2
6.5
MEDIUM
Affected
1
PROJECT
Description
The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks.
Infinispan is an open source data grid platform and highly scalable NoSQL cloud data store.
GitHub