The vulnerability stems from unsafe Java deserialization in cluster join handling. The patches introduce serialization filtering through:
The vulnerable functions are those handling deserialization prior to these security checks. Runtime detection would see stack traces involving:
Confidence is high for the serializer methods, because the patches show direct ObjectInputStream usage there, and medium for SerializationServiceV1 as the entry point, which is inferred from its architectural role rather than from the diff itself.
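The unsafe shape beside two hardened forms, as an added example that is not Hazelcast's code or its actual fix: `JoinDeserializationExample`, `JoinRequest`, the three reader methods and the sample messages are hypothetical stand-ins for the join-message path described above. The first reader is the vulnerable pattern (a bare `ObjectInputStream.readObject` on peer-supplied bytes); the second applies a JEP 290 `ObjectInputFilter` (Java 9+); the third overrides `resolveClass` for runtimes without the filter API.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamClass;
import java.io.Serializable;
import java.util.HashMap;
import java.util.Set;

// Added example, not Hazelcast code. JoinRequest and the reader methods are
// hypothetical stand-ins for the cluster-join deserialization described above.
public class JoinDeserializationExample {

    // Hypothetical join message carried between cluster members.
    static final class JoinRequest implements Serializable {
        private static final long serialVersionUID = 1L;
        final String memberAddress;
        JoinRequest(String memberAddress) { this.memberAddress = memberAddress; }
    }

    // Vulnerable pattern: any Serializable class the peer names in the stream is
    // loaded and instantiated (its readObject/readResolve logic runs) before the
    // caller can inspect the type it got back, so the peer chooses the class.
    static Object readJoinUnfiltered(byte[] wire) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(wire))) {
            return in.readObject();
        }
    }

    // Hardened, Java 9+: a JEP 290 ObjectInputFilter is consulted for every class
    // (and array class) in the stream before it is resolved. "!*" rejects anything
    // not listed; maxdepth/maxarray bound nesting and array sizes from a hostile peer.
    static Object readJoinFiltered(byte[] wire) throws IOException, ClassNotFoundException {
        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(
                JoinRequest.class.getName() + ";java.lang.String;!*;maxdepth=8;maxarray=1024");
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(wire))) {
            in.setObjectInputFilter(filter);
            return in.readObject();
        }
    }

    // Hardened, any Java version: refuse to resolve classes outside an allowlist.
    // resolveClass runs before the object is instantiated, so the rejection lands
    // before any attacker-chosen readObject code executes. Override
    // resolveProxyClass as well if dynamic proxies must also be refused.
    static Object readJoinAllowlisted(byte[] wire, Set<String> allowed)
            throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(wire)) {
            @Override
            protected Class<?> resolveClass(ObjectStreamClass desc)
                    throws IOException, ClassNotFoundException {
                if (!allowed.contains(desc.getName())) {
                    throw new InvalidClassException(desc.getName(), "not permitted in a join message");
                }
                return super.resolveClass(desc);
            }
        }) {
            return in.readObject();
        }
    }

    static byte[] serialize(Serializable obj) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(obj);
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample messages: a legitimate join, and a stream naming an
        // unrelated Serializable class (HashMap stands in for a gadget-chain type).
        byte[] legit = serialize(new JoinRequest("10.0.0.7:5701"));
        byte[] hostile = serialize(new HashMap<String, String>());
        Set<String> allowed = Set.of(JoinRequest.class.getName(), "java.lang.String");

        System.out.println("unfiltered/legit   -> " + readJoinUnfiltered(legit).getClass().getName());
        System.out.println("unfiltered/hostile -> " + readJoinUnfiltered(hostile).getClass().getName());
        System.out.println("filtered/legit     -> " + readJoinFiltered(legit).getClass().getName());
        System.out.println("allowlist/legit    -> " + readJoinAllowlisted(legit, allowed).getClass().getName());
        try {
            readJoinFiltered(hostile);
        } catch (InvalidClassException e) {
            System.out.println("filtered/hostile   -> rejected: " + e.getMessage());
        }
        try {
            readJoinAllowlisted(hostile, allowed);
        } catch (InvalidClassException e) {
            System.out.println("allowlist/hostile  -> rejected: " + e.getMessage());
        }
    }
}
```

Compile and run with `javac JoinDeserializationExample.java && java JoinDeserializationExample` (Java 9 or later for the filter variant). The unfiltered reader accepts the `HashMap` stream as readily as the join message; both hardened readers throw `InvalidClassException` before the hostile class is instantiated. When hunting for the vulnerable code path at runtime, the frame to look for is `ObjectInputStream.readObject` reached from the join handler with no filter or allowlist check ahead of it.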
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| com.hazelcast:hazelcast | maven | < 3.11 | 3.11 |