CVE-2017-15089

Name of the Vulnerable Software and Affected Versions: Infinispan versions prior to 9.2.0.CR1

Description: The issue allows an authenticated attacker to inject a malicious object into the data cache, potentially leading to deserialization on the client and further attacks. This occurs because the Hotrod client in Infinispan unsafely reads deserialized data from the cache.

Recommendations: For versions prior to 9.2.0.CR1, update to version 9.2.0.CR1 or later to resolve the issue. As a temporary workaround, consider restricting access to the cache to minimize the risk of exploitation.