Description
The Connection handler in Hazelcast and Hazelcast Jet allows a remote unauthenticated attacker to access and manipulate data in the cluster with the identity of another already authenticated connection. The affected Hazelcast versions are through 4.0.6, 4.1.9, 4.2.5, 5.0.3, and 5.1.2. The affected Hazelcast Jet versions are through 4.5.3.
Remediation
References
https://github.com/hazelcast/hazelcast/security/advisories/GHSA-c5hg-mr8r-f6jp