CVE-2018-1131

HIGH Year: 2018
CVSS v3 Score
8.8
High
CVSS v2 Score
6.5
Medium
Weakness Type
CWE-349
View all →

Vulnerability Description

Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious object to a cache configured to accept certain types of objects, achieving code execution and possible further attacks. Versions 9.0.3.Final, 9.1.7.Final, 8.2.10.Final, 9.2.2.Final, 9.3.0.Alpha1 are believed to be affected.

Related Vulnerabilities

CVE-2019-9535

CRITICAL
CVSS:9.8(Critical)

A vulnerability exists in the way that iTerm2 integrates with tmux's control mode, which may allow an attacker to execute arbitrary commands by providing malicious output to the terminal. This affects...

CWE-3492019

CVE-2023-51655

CRITICAL
CVSS:9.8(Critical)

In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project configuration

CWE-3492023

CVE-2020-8023

HIGH
CVSS:7.8(High)

A acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in the start script of openldap2 of SUSE Enterprise Storage 5, SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise D...

CWE-3492020

CVE-2024-52555

HIGH
CVSS:7.8(High)

In JetBrains WebStorm before 2024.3 code execution in Untrusted Project mode was possible via type definitions installer script

CWE-3492024

CVE-2025-27415

HIGH
CVSS:7.5(High)

Nuxt is an open-source web development framework for Vue.js. Prior to 3.16.0, by sending a crafted HTTP request to a server behind an CDN, it is possible in some circumstances to poison the CDN cache ...

CWE-3492025

CVE-2025-29816

HIGH
CVSS:7.5(High)

Improper input validation in Microsoft Office Word allows an unauthorized attacker to bypass a security feature over a network.

CWE-3492025