Description
The Connection handler in Hazelcast and Hazelcast Jet allows a remote unauthenticated attacker to access and manipulate data in the cluster with the identity of another already authenticated connection. The affected Hazelcast versions are through 4.0.6, 4.1.9, 4.2.5, 5.0.3, and 5.1.2. The affected Hazelcast Jet versions are through 4.5.3.
Remediation
References
https://github.com/hazelcast/hazelcast/security/advisories/GHSA-c5hg-mr8r-f6jp