Homepage

org.infinispan:infinispan-server-rest@14.0.23.Final vulnerabilities

  • latest version

    15.2.1.Final

  • first published

    13 years ago

  • latest version published

    17 days ago

  • licenses detected

  • package registry

    View on Maven Central Repository
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the org.infinispan:infinispan-server-rest package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Missing Release of Memory after Effective Lifetime

    org.infinispan:infinispan-server-rest is an Infinispan Rest Server.

    Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime via the REST compare API. A user can trigger an OutOfMemoryError by sending many requests with large (~1 MiB) POST data to the REST API.

    How to fix Missing Release of Memory after Effective Lifetime?

    There is no fixed version for org.infinispan:infinispan-server-rest.

    [0,)
    • M
    Access Restriction Bypass

    org.infinispan:infinispan-server-rest is an Infinispan Rest Server.

    Affected versions of this package are vulnerable to Access Restriction Bypass due to improper evaluation of the necessary admin permissions in the REST API, an attacker can access information outside of their intended permissions by exploiting the flaw in the cache retrieval endpoints.

    How to fix Access Restriction Bypass?

    Upgrade org.infinispan:infinispan-server-rest to version 14.0.26.Final, 15.0.0.Dev04 or higher.

    [,14.0.26.Final)[15.0.0.CR1,15.0.0.Dev04)
    Go back to all versions of this package