In Hazelcast before 3.11, the cluster join procedure is vulnerable to remote code execution via Java deserialization. Upstream issue: https://github.com/hazelcast/hazelcast/issues/8024 Upstream pull: https://github.com/hazelcast/hazelcast/pull/12230
Created hazelcast tracking bugs for this issue: Affects: fedora-all [bug 1713216]
This issue has been addressed in the following products: Red Hat Fuse 7.4.0 Via RHSA-2019:2413 https://access.redhat.com/errata/RHSA-2019:2413
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2016-10750
Statement: The module vertx-hazelcast is not supported in Red Hat OpenShift Application Runtimes (RHOAR) products.