Red Hat · Infinispan · CVE-2016-0750
**Name of the Vulnerable Software and Affected Versions**
Infinispan versions prior to 9.1.0.Final
**Description**
The issue allows a malicious user to inject a specially-crafted serialized object, potentially leading to remote code execution or other attacks, due to the automatic deserialization of bytearray message contents in certain events by the hotrod java client.
**Recommendations**
For versions prior to 9.1.0.Final, update to version 9.1.0.Final or later to resolve the issue. As a temporary workaround, consider restricting access to the hotrod java client to minimize the risk of exploitation.