VulnerableCode Package Details - pkg:maven/org.infinispan/infinispan-core@9.2.0.CR1

Search for packages

Vulnerability	Summary	Fixed by
VCID-f2rc-7h94-wyhb Aliases: CVE-2020-25711 GHSA-8674-26jc-wh98	Missing Authorization A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations like shutting down the server without the ADMIN role.	11.0.6.Final Affected by 0 other vulnerabilities.
VCID-gyhd-8wsj-gyac Aliases: CVE-2019-10158 GHSA-6x3v-rw2q-9gx7	Improper implementation of the session fixation protection in Infinispan A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling.	9.4.15.Final Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 10.0.0 Affected by 0 other vulnerabilities. 10.0.0.Final Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-x6xg-map7-abcg Aliases: CVE-2019-10174 GHSA-h47x-2j37-fw5m	Use of Externally-Controlled Input to Select Classes or Code in Infinispan A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the application.	9.4.17.Final Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-f2rc-7h94-wyhb
Aliases:
CVE-2020-25711
GHSA-8674-26jc-wh98

Missing Authorization A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations like shutting down the server without the ADMIN role.

11.0.6.Final
Affected by 0 other vulnerabilities.

VCID-gyhd-8wsj-gyac
Aliases:
CVE-2019-10158
GHSA-6x3v-rw2q-9gx7

Improper implementation of the session fixation protection in Infinispan A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling.

9.4.15.Final
Affected by 3 other vulnerabilities.

10.0.0
Affected by 0 other vulnerabilities.

10.0.0.Final
Affected by 1 other vulnerability.

VCID-x6xg-map7-abcg
Aliases:
CVE-2019-10174
GHSA-h47x-2j37-fw5m

Use of Externally-Controlled Input to Select Classes or Code in Infinispan A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the application.

9.4.17.Final
Affected by 2 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-22at-v7he-fqek	Deserialization of Untrusted Data It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks.	CVE-2017-15089 GHSA-46r5-59fg-2fjc

Vulnerability

Summary

Aliases

VCID-22at-v7he-fqek

Deserialization of Untrusted Data It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks.

CVE-2017-15089
GHSA-46r5-59fg-2fjc

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T22:00:18.132655+00:00	GitLab Importer	Affected by	VCID-x6xg-map7-abcg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.infinispan/infinispan-core/CVE-2019-10174.yml	38.4.0
2026-04-16T21:51:48.921683+00:00	GitLab Importer	Fixing	VCID-22at-v7he-fqek	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.infinispan/infinispan-core/CVE-2017-15089.yml	38.4.0
2026-04-16T21:39:00.221056+00:00	GitLab Importer	Affected by	VCID-f2rc-7h94-wyhb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.infinispan/infinispan-core/CVE-2020-25711.yml	38.4.0
2026-04-16T20:59:55.579066+00:00	GitLab Importer	Affected by	VCID-gyhd-8wsj-gyac	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.infinispan/infinispan-core/CVE-2019-10158.yml	38.4.0
2026-04-11T23:15:54.546431+00:00	GitLab Importer	Affected by	VCID-x6xg-map7-abcg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.infinispan/infinispan-core/CVE-2019-10174.yml	38.3.0
2026-04-11T23:07:42.748785+00:00	GitLab Importer	Fixing	VCID-22at-v7he-fqek	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.infinispan/infinispan-core/CVE-2017-15089.yml	38.3.0
2026-04-11T22:54:10.104524+00:00	GitLab Importer	Affected by	VCID-f2rc-7h94-wyhb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.infinispan/infinispan-core/CVE-2020-25711.yml	38.3.0
2026-04-11T22:11:10.740436+00:00	GitLab Importer	Affected by	VCID-gyhd-8wsj-gyac	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.infinispan/infinispan-core/CVE-2019-10158.yml	38.3.0
2026-04-04T14:30:11.059031+00:00	GHSA Importer	Fixing	VCID-22at-v7he-fqek	https://github.com/advisories/GHSA-46r5-59fg-2fjc	38.1.0
2026-04-02T23:23:44.895718+00:00	GitLab Importer	Affected by	VCID-x6xg-map7-abcg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.infinispan/infinispan-core/CVE-2019-10174.yml	38.1.0
2026-04-02T23:16:04.113100+00:00	GitLab Importer	Fixing	VCID-22at-v7he-fqek	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.infinispan/infinispan-core/CVE-2017-15089.yml	38.1.0
2026-04-02T23:03:21.101680+00:00	GitLab Importer	Affected by	VCID-f2rc-7h94-wyhb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.infinispan/infinispan-core/CVE-2020-25711.yml	38.1.0
2026-04-02T22:23:41.707478+00:00	GitLab Importer	Affected by	VCID-gyhd-8wsj-gyac	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.infinispan/infinispan-core/CVE-2019-10158.yml	38.1.0
2026-04-01T17:44:44.112357+00:00	GitLab Importer	Affected by	VCID-x6xg-map7-abcg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.infinispan/infinispan-core/CVE-2019-10174.yml	38.0.0
2026-04-01T17:22:15.937857+00:00	GitLab Importer	Affected by	VCID-f2rc-7h94-wyhb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.infinispan/infinispan-core/CVE-2020-25711.yml	38.0.0
2026-04-01T16:41:29.985856+00:00	GitLab Importer	Affected by	VCID-gyhd-8wsj-gyac	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.infinispan/infinispan-core/CVE-2019-10158.yml	38.0.0
2026-04-01T13:11:53.527073+00:00	GithubOSV Importer	Fixing	VCID-22at-v7he-fqek	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-46r5-59fg-2fjc/GHSA-46r5-59fg-2fjc.json	38.0.0
2026-04-01T12:50:37.203263+00:00	GitLab Importer	Fixing	VCID-22at-v7he-fqek	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.infinispan/infinispan-core/CVE-2017-15089.yml	38.0.0