Drosenbauer

**Name of the Vulnerable Software and Affected Versions** Hazelcast versions prior to 3.11 **Description** The cluster join procedure in Hazelcast is susceptible to remote code execution via Java deserialization. An attacker can exploit this by sending a crafted JoinRequest to a listening Hazelcast instance, allowing them to run arbitrary code if vulnerable classes are present in the classpath. **Recommendations** For versions prior to 3.11, update to version 3.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the Hazelcast instance to minimize the risk of exploitation.