pkg:maven/com.hazelcast/hazelcast
Type
maven
Namespace
com.hazelcast
Name
hazelcast
Known advisories, vulnerabilities and fixes for com.hazelcast/hazelcast package.
Critical
3
High
3
Moderate
2
Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | < 5.3.0 |
CVE-2023-33264
|
MAVEN:GHSA-5GJ6-62G7-VMGF | Hazelcast vulnerable to unmasked password exposure | moderate |
2023-05-22T03:30:16
(16 months ago) |
|
Fixed | = 5.3.0 |
CVE-2023-33264
|
MAVEN:GHSA-5GJ6-62G7-VMGF | Hazelcast vulnerable to unmasked password exposure | moderate |
2023-05-22T03:30:16
(16 months ago) |
|
Affected | <= 5.1.7 >= 5.2.0, <= 5.2.4 >= 5.3.0, <= 5.3.4 |
CVE-2023-45860
|
MAVEN:GHSA-8H4X-XVJP-VF99 | Hazelcast Platform permission checking in CSV File Source connector | moderate |
2024-02-16T23:14:45
(7 months ago) |
|
Fixed | = 5.3.5 |
CVE-2023-45860
|
MAVEN:GHSA-8H4X-XVJP-VF99 | Hazelcast Platform permission checking in CSV File Source connector | moderate |
2024-02-16T23:14:45
(7 months ago) |
|
Affected | >= 5.1-beta1, < 5.1 |
CVE-2022-0265
|
MAVEN:GHSA-99WH-973F-779P | XML External Entity Reference in Hazelcast | critical |
2022-03-04T00:00:15
(2 years ago) |
|
Fixed | = 5.1 |
CVE-2022-0265
|
MAVEN:GHSA-99WH-973F-779P | XML External Entity Reference in Hazelcast | critical |
2022-03-04T00:00:15
(2 years ago) |
|
Affected | >= 5.1, <= 5.1.2 >= 5.0, <= 5.0.3 >= 4.2, <= 4.2.5 >= 4.1, <= 4.1.9 >= 4.0, <= 4.0.6 <= 3.12.12 |
CVE-2022-36437
|
MAVEN:GHSA-C5HG-MR8R-F6JP | Hazelcast connection caching | critical |
2022-12-27T14:40:39
(20 months ago) |
|
Fixed | = 5.1.3 = 5.0.4 = 4.2.6 = 4.1.10 = 3.12.13 |
CVE-2022-36437
|
MAVEN:GHSA-C5HG-MR8R-F6JP | Hazelcast connection caching | critical |
2022-12-27T14:40:39
(20 months ago) |
|
Affected | <= 5.0.4 >= 5.1.0, <= 5.1.6 >= 5.2.0, <= 5.2.3 |
CVE-2023-33265
|
MAVEN:GHSA-C5VJ-WP4V-MMVX | Hazelcast Executor Services don't check client permissions properly | high |
2023-07-19T22:08:40
(14 months ago) |
|
Fixed | = 5.0.5 = 5.1.7 = 5.2.4 |
CVE-2023-33265
|
MAVEN:GHSA-C5VJ-WP4V-MMVX | Hazelcast Executor Services don't check client permissions properly | high |
2023-07-19T22:08:40
(14 months ago) |
|
Affected | < 3.11 |
CVE-2016-10750
|
MAVEN:GHSA-JV65-PF7V-F7P8 | Deserialization of Untrusted Data in Hazelcast | high |
2022-05-24T16:46:09
(2 years ago) |
|
Fixed | = 3.11 |
CVE-2016-10750
|
MAVEN:GHSA-JV65-PF7V-F7P8 | Deserialization of Untrusted Data in Hazelcast | high |
2022-05-24T16:46:09
(2 years ago) |
|
Affected | >= 4.0.0, < 4.0.5 >= 4.2, < 4.2.4 >= 4.1.1, < 4.1.8 >= 5.0, < 5.0.2 | MAVEN:GHSA-V57X-GXFJ-484Q | Security Advisory for "Log4Shell" | critical |
2022-01-21T23:25:04
(2 years ago) |
||
Fixed | = 4.0.5 = 4.2.4 = 4.1.8 = 5.0.2 | MAVEN:GHSA-V57X-GXFJ-484Q | Security Advisory for "Log4Shell" | critical |
2022-01-21T23:25:04
(2 years ago) |
||
Affected | >= 5.3.0, < 5.3.5 >= 5.2.0, <= 5.2.4 >= 5.1, <= 5.1.7 >= 5.0, <= 5.0.5 >= 4.2, <= 4.2.8 <= 4.1.10 |
CVE-2023-45859
|
MAVEN:GHSA-XH6M-7CR7-XX66 | Missing permission checks on Hazelcast client protocol | high |
2024-02-27T21:54:15
(6 months ago) |
|
Fixed | = 5.3.5 = 5.2.5 |
CVE-2023-45859
|
MAVEN:GHSA-XH6M-7CR7-XX66 | Missing permission checks on Hazelcast client protocol | high |
2024-02-27T21:54:15
(6 months ago) |