A vulnerability was found in Infinispan that allows malicious users to inject malicious serialized objects into the server's data cache and potentially execute arbitrary code on other users' machines when the malicious data are fetched using the Hot Rod protocol.
Acknowledgments: Man Yue Mo (Semmle/lgtm.com)
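
The description above comes down to a client deserializing bytes that another user was able to place in the shared cache. The following is an added example, not code from Infinispan or Red Hat, showing an allow-list check applied before a fetched value is deserialized. It uses plain Java serialization rather than the Hot Rod client API, and the class names, the allow-list contents and the sample values are assumptions made for illustration.

```java
import java.io.*;
import java.util.*;

public class CacheValueDeserializer {
    // Hypothetical allow-list: the only classes this client expects in cached values.
    private static final Set<String> ALLOWED = Set.of(
        "java.lang.String", "java.lang.Integer", "java.lang.Number");

    /** ObjectInputStream that rejects any class not on the allow-list before it is loaded. */
    static final class AllowListStream extends ObjectInputStream {
        AllowListStream(InputStream in) throws IOException { super(in); }

        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc)
                throws IOException, ClassNotFoundException {
            if (!ALLOWED.contains(desc.getName())) {
                throw new InvalidClassException(desc.getName(), "class not allowed in cache values");
            }
            return super.resolveClass(desc);
        }
    }

    /** Deserialize bytes fetched from a shared cache, treating them as untrusted input. */
    static Object readCachedValue(byte[] raw) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new AllowListStream(new ByteArrayInputStream(raw))) {
            return in.readObject();
        }
    }

    /** Helper that stands in for another client writing a value to the cache. */
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(o); }
        return buf.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, not real cache contents.
        System.out.println("accepted: " + readCachedValue(serialize(Integer.valueOf(42))));
        try {
            // A type the client never expects to find in the cache.
            readCachedValue(serialize(new ArrayList<>(List.of("x"))));
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The check runs in `resolveClass`, so a class that is not on the list is refused before any of its deserialization logic can execute.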
Hotrod is not supported without JDG entitlement, setting JON to notaffected. https://access.redhat.com/solutions/281643
This issue has been addressed in the following products:
  Red Hat JBoss Data Grid
Via RHSA-2018:0294 https://access.redhat.com/errata/RHSA-2018:0294

This issue has been addressed in the following products:
  Red Hat JBoss Enterprise Application Platform
Via RHSA-2018:0478 https://access.redhat.com/errata/RHSA-2018:0478

This issue has been addressed in the following products:
  Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7
Via RHSA-2018:0480 https://access.redhat.com/errata/RHSA-2018:0480

This issue has been addressed in the following products:
  Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6
Via RHSA-2018:0479 https://access.redhat.com/errata/RHSA-2018:0479

This issue has been addressed in the following products:
  Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7
  Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6
Via RHSA-2018:0481 https://access.redhat.com/errata/RHSA-2018:0481

This issue has been addressed in the following products:
  Red Hat Fuse 6.3
Via RHSA-2019:1326 https://access.redhat.com/errata/RHSA-2019:1326

This issue has been addressed in the following products:
  Red Hat JBoss Enterprise Application Platform
Via RHSA-2020:2561 https://access.redhat.com/errata/RHSA-2020:2561