Vulnerability

CVE-2023-4586

 Report advisory or correction

CVSS Score 7.4 high

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE

CWE-20

References

https://github.com/infinispan/infinispan/pull/11288
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4586

[CVE-2023-4586] CWE-20: Improper Input Validation

Description

A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle (MITM) attack.

See io.netty/netty-handler package information