Hazelcast Cluster Join Procedure Remote Code Execution Vulnerability
A vulnerability in Hazelcast could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.
The vulnerability exists because the cluster join procedure of the affected software allows the deserialization of untrusted input. An attacker could exploit this vulnerability by sending a JoinRequest containing malicious input to a targeted, listening Hazelcast instance. If vulnerable classes exist in the classpath on the system, a successful exploit could allow the attacker to execute arbitrary code.
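The root cause described above, untrusted bytes reaching Java deserialization, can be contained with a JDK deserialization filter (java.io.ObjectInputFilter, Java 9 and later) that allow-lists the one message type the receiver expects. This is an added example, not Hazelcast's code or its fix; JoinFilterDemo, JoinMessage, OtherSerializable, readJoin and the limits used are hypothetical names and values constructed for illustration.

```java
import java.io.*;

public class JoinFilterDemo {
    // Hypothetical join message for illustration; not Hazelcast's JoinRequest class.
    static class JoinMessage implements Serializable {
        private static final long serialVersionUID = 1L;
        final String clusterName;
        JoinMessage(String clusterName) { this.clusterName = clusterName; }
    }

    // Constructed stand-in for any other Serializable class present on the classpath.
    static class OtherSerializable implements Serializable {
        private static final long serialVersionUID = 1L;
    }

    // Allow-list filter: only the expected message type (and String) may be deserialized.
    static final ObjectInputFilter JOIN_FILTER = info -> {
        Class<?> c = info.serialClass();
        if (c == null) { // callback carries only limits (depth, bytes), no class
            return info.depth() > 4 || info.streamBytes() > 4096
                    ? ObjectInputFilter.Status.REJECTED : ObjectInputFilter.Status.UNDECIDED;
        }
        return c == JoinMessage.class || c == String.class
                ? ObjectInputFilter.Status.ALLOWED : ObjectInputFilter.Status.REJECTED;
    };

    static JoinMessage readJoin(byte[] wire) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(wire))) {
            in.setObjectInputFilter(JOIN_FILTER); // install before the first readObject()
            return (JoinMessage) in.readObject();
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(o); }
        return buf.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        System.out.println("accepted: " + readJoin(serialize(new JoinMessage("dev"))).clusterName);
        try {
            readJoin(serialize(new OtherSerializable()));
        } catch (InvalidClassException e) { // thrown when the filter returns REJECTED
            System.out.println("rejected before instantiation: " + e.getMessage());
        }
    }
}
```

The filter runs when the class descriptor is read, so a class outside the allow-list is refused before any of its deserialization code executes.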
Hazelcast has confirmed the vulnerability and released a software update.
Security Impact Rating: High