Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.infinispan/infinispan-core@5.3.0.Alpha1
purl pkg:maven/org.infinispan/infinispan-core@5.3.0.Alpha1
Next non-vulnerable version 11.0.6.Final
Latest non-vulnerable version 15.0.0.Dev07
Risk 4.5
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-22at-v7he-fqek
Aliases:
CVE-2017-15089
GHSA-46r5-59fg-2fjc
Deserialization of Untrusted Data It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks.
9.2.0.CR1
Affected by 3 other vulnerabilities.
VCID-f2rc-7h94-wyhb
Aliases:
CVE-2020-25711
GHSA-8674-26jc-wh98
Missing Authorization A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations like shutting down the server without the ADMIN role.
11.0.6.Final
Affected by 0 other vulnerabilities.
VCID-gyhd-8wsj-gyac
Aliases:
CVE-2019-10158
GHSA-6x3v-rw2q-9gx7
Improper implementation of the session fixation protection in Infinispan A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling.
9.4.15.Final
Affected by 3 other vulnerabilities.
10.0.0
Affected by 0 other vulnerabilities.
10.0.0.Final
Affected by 1 other vulnerability.
VCID-x6xg-map7-abcg
Aliases:
CVE-2019-10174
GHSA-h47x-2j37-fw5m
Use of Externally-Controlled Input to Select Classes or Code in Infinispan A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the application.
8.2.12.Final
Affected by 3 other vulnerabilities.
9.4.17.Final
Affected by 2 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T22:00:17.740381+00:00 GitLab Importer Affected by VCID-x6xg-map7-abcg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.infinispan/infinispan-core/CVE-2019-10174.yml 38.4.0
2026-04-16T21:51:48.551724+00:00 GitLab Importer Affected by VCID-22at-v7he-fqek https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.infinispan/infinispan-core/CVE-2017-15089.yml 38.4.0
2026-04-16T21:38:59.883558+00:00 GitLab Importer Affected by VCID-f2rc-7h94-wyhb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.infinispan/infinispan-core/CVE-2020-25711.yml 38.4.0
2026-04-16T20:59:55.220194+00:00 GitLab Importer Affected by VCID-gyhd-8wsj-gyac https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.infinispan/infinispan-core/CVE-2019-10158.yml 38.4.0
2026-04-11T23:15:54.132212+00:00 GitLab Importer Affected by VCID-x6xg-map7-abcg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.infinispan/infinispan-core/CVE-2019-10174.yml 38.3.0
2026-04-11T23:07:42.563341+00:00 GitLab Importer Affected by VCID-22at-v7he-fqek https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.infinispan/infinispan-core/CVE-2017-15089.yml 38.3.0
2026-04-11T22:54:09.661067+00:00 GitLab Importer Affected by VCID-f2rc-7h94-wyhb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.infinispan/infinispan-core/CVE-2020-25711.yml 38.3.0
2026-04-11T22:11:10.289027+00:00 GitLab Importer Affected by VCID-gyhd-8wsj-gyac https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.infinispan/infinispan-core/CVE-2019-10158.yml 38.3.0
2026-04-02T23:23:44.545790+00:00 GitLab Importer Affected by VCID-x6xg-map7-abcg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.infinispan/infinispan-core/CVE-2019-10174.yml 38.1.0
2026-04-02T23:16:03.744696+00:00 GitLab Importer Affected by VCID-22at-v7he-fqek https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.infinispan/infinispan-core/CVE-2017-15089.yml 38.1.0
2026-04-02T23:03:20.739858+00:00 GitLab Importer Affected by VCID-f2rc-7h94-wyhb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.infinispan/infinispan-core/CVE-2020-25711.yml 38.1.0
2026-04-02T22:23:41.334952+00:00 GitLab Importer Affected by VCID-gyhd-8wsj-gyac https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.infinispan/infinispan-core/CVE-2019-10158.yml 38.1.0
2026-04-01T17:44:43.923208+00:00 GitLab Importer Affected by VCID-x6xg-map7-abcg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.infinispan/infinispan-core/CVE-2019-10174.yml 38.0.0
2026-04-01T17:36:08.437422+00:00 GitLab Importer Affected by VCID-22at-v7he-fqek https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.infinispan/infinispan-core/CVE-2017-15089.yml 38.0.0
2026-04-01T17:22:15.516443+00:00 GitLab Importer Affected by VCID-f2rc-7h94-wyhb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.infinispan/infinispan-core/CVE-2020-25711.yml 38.0.0
2026-04-01T16:41:29.475981+00:00 GitLab Importer Affected by VCID-gyhd-8wsj-gyac https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.infinispan/infinispan-core/CVE-2019-10158.yml 38.0.0