Search for packages
| purl | pkg:rpm/redhat/eap7-infinispan@9.3.9-1.Final_redhat_00001.1?arch=el7eap |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-ud7m-cc54-3qbv
Aliases: CVE-2018-14371 GHSA-43q7-q5vp-3g68 |
The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications. | There are no reported fixed by versions. |
|
VCID-x6xg-map7-abcg
Aliases: CVE-2019-10174 GHSA-h47x-2j37-fw5m |
Use of Externally-Controlled Input to Select Classes or Code in Infinispan A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the application. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T14:23:19.814600+00:00 | RedHat Importer | Affected by | VCID-ud7m-cc54-3qbv | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14371.json | 38.0.0 |
| 2026-04-01T14:15:12.611469+00:00 | RedHat Importer | Affected by | VCID-x6xg-map7-abcg | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10174.json | 38.0.0 |