You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Path to dependency file: /spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-hazelcast3/build.gradle
Path to vulnerable library: /le/caches/modules-2/files-2.1/com.hazelcast/hazelcast/3.12.8/c92dd8dd1bdd8ed0733aa6e0827761acec46cb6/hazelcast-3.12.8.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.hazelcast/hazelcast/3.12.8/c92dd8dd1bdd8ed0733aa6e0827761acec46cb6/hazelcast-3.12.8.jar
Path to dependency file: /spring-boot-project/spring-boot-actuator/build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.hazelcast/hazelcast/4.1.3/53e88817188482047e751c97386bf4d7e050c0ac/hazelcast-4.1.3.jar,/le/caches/modules-2/files-2.1/com.hazelcast/hazelcast/4.1.3/53e88817188482047e751c97386bf4d7e050c0ac/hazelcast-4.1.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.hazelcast/hazelcast/4.1.3/53e88817188482047e751c97386bf4d7e050c0ac/hazelcast-4.1.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.hazelcast/hazelcast/4.1.3/53e88817188482047e751c97386bf4d7e050c0ac/hazelcast-4.1.3.jar,/le/caches/modules-2/files-2.1/com.hazelcast/hazelcast/4.1.3/53e88817188482047e751c97386bf4d7e050c0ac/hazelcast-4.1.3.jar,/le/caches/modules-2/files-2.1/com.hazelcast/hazelcast/4.1.3/53e88817188482047e751c97386bf4d7e050c0ac/hazelcast-4.1.3.jar
The Connection handler in Hazelcast and Hazelcast Jet allows a remote unauthenticated attacker to access and manipulate data in the cluster with the identity of another already authenticated connection. The affected Hazelcast versions are through 4.0.6, 4.1.9, 4.2.5, 5.0.3, and 5.1.2. The affected Hazelcast Jet versions are through 4.5.3.
CVE-2022-36437 - High Severity Vulnerability
Vulnerable Libraries - hazelcast-3.12.8.jar, hazelcast-4.1.3.jar
hazelcast-3.12.8.jar
Core Hazelcast Module
Library home page: http://www.hazelcast.com/
Path to dependency file: /spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-hazelcast3/build.gradle
Path to vulnerable library: /le/caches/modules-2/files-2.1/com.hazelcast/hazelcast/3.12.8/c92dd8dd1bdd8ed0733aa6e0827761acec46cb6/hazelcast-3.12.8.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.hazelcast/hazelcast/3.12.8/c92dd8dd1bdd8ed0733aa6e0827761acec46cb6/hazelcast-3.12.8.jar
Dependency Hierarchy:
hazelcast-4.1.3.jar
Core Hazelcast Module
Library home page: http://www.hazelcast.com/
Path to dependency file: /spring-boot-project/spring-boot-actuator/build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.hazelcast/hazelcast/4.1.3/53e88817188482047e751c97386bf4d7e050c0ac/hazelcast-4.1.3.jar,/le/caches/modules-2/files-2.1/com.hazelcast/hazelcast/4.1.3/53e88817188482047e751c97386bf4d7e050c0ac/hazelcast-4.1.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.hazelcast/hazelcast/4.1.3/53e88817188482047e751c97386bf4d7e050c0ac/hazelcast-4.1.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.hazelcast/hazelcast/4.1.3/53e88817188482047e751c97386bf4d7e050c0ac/hazelcast-4.1.3.jar,/le/caches/modules-2/files-2.1/com.hazelcast/hazelcast/4.1.3/53e88817188482047e751c97386bf4d7e050c0ac/hazelcast-4.1.3.jar,/le/caches/modules-2/files-2.1/com.hazelcast/hazelcast/4.1.3/53e88817188482047e751c97386bf4d7e050c0ac/hazelcast-4.1.3.jar
Dependency Hierarchy:
Found in HEAD commit: 12b99a3ee31b333f29415387505dfb45f75ced5f
Found in base branch: main
Vulnerability Details
The Connection handler in Hazelcast and Hazelcast Jet allows a remote unauthenticated attacker to access and manipulate data in the cluster with the identity of another already authenticated connection. The affected Hazelcast versions are through 4.0.6, 4.1.9, 4.2.5, 5.0.3, and 5.1.2. The affected Hazelcast Jet versions are through 4.5.3.
Publish Date: 2022-12-29
URL: CVE-2022-36437
CVSS 3 Score Details (8.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-c5hg-mr8r-f6jp
Release Date: 2022-12-29
Fix Resolution: 4.1.10
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: