Description
The Connection handler in Hazelcast and Hazelcast Jet allows a remote unauthenticated attacker to access and manipulate data in the cluster with the identity of another already authenticated connection. The affected Hazelcast versions are through 4.0.6, 4.1.9, 4.2.5, 5.0.3, and 5.1.2. The affected Hazelcast Jet versions are through 4.5.3.
Remediation
References
https://github.com/hazelcast/hazelcast/security/advisories/GHSA-c5hg-mr8r-f6jp