PT-2019-7546 · Hazelcast · Hazelcast

Drosenbauer · Published 2019-05-22 · Updated 2022-05-24 · CVE-2016-10750

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Hazelcast versions prior to 3.11

Description: The cluster join procedure in Hazelcast is susceptible to remote code execution via Java deserialization. An attacker can exploit this by sending a crafted JoinRequest to a listening Hazelcast instance, allowing them to run arbitrary code if vulnerable classes are present in the classpath.

Recommendations: For versions prior to 3.11, update to version 3.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the Hazelcast instance to minimize the risk of exploitation.

Fix

Weakness Enumeration

Deserialization of Untrusted Data

Related Identifiers

BDU:2022-02985
CVE-2016-10750
GHSA-JV65-PF7V-F7P8

Affected Products

Hazelcast