[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2017-15089":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":24,"aliases":25,"duplicate_of":9,"upstream":27,"downstream":28,"duplicates":35,"related":36,"reserved_at":9,"published_at":37,"modified_at":38,"state":39,"summary":40,"references_raw":49,"kevs":114,"epss":115,"epss_history":118,"metrics":372,"affected":385},"CVE-2017-15089","It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-502","Deserialization of Untrusted Data","The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.","weakness","Draft","Base","Medium",[20],{"id":21,"name":22,"techniques":23},"CAPEC-586","Object Injection",[],[],[26],"GHSA-46r5-59fg-2fjc",[],[29,31,33],{"_key":30},"RHSA-2018:0479",{"_key":32},"RHSA-2018:0480",{"_key":34},"RHSA-2018:0481",[],[],"2018-02-15T17:00:00.000Z","2024-09-16T19:05:25.998Z","Modified",{"cisa_kev":41,"cisa_ransomware":41,"cisa_vendor":9,"epss_severity":42,"epss_score":43,"severity":44,"severity_score":45,"severity_version":46,"severity_source":47,"severity_vector":48,"severity_status":39},false,"low",0.01843,"high",8.8,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",[50,58,66,70,76,80,84,88,92,96,101,105,109],{"url":51,"sources":52,"tags":54},"http://www.securitytracker.com/id/1040360",[53,47],"cve.org",[55,56,57],"VDB Entry","X Refsource SECTRACK","Third Party Advisory",{"url":59,"sources":60,"tags":62},"https://access.redhat.com/errata/RHSA-2018:0479",[53,47,61],"osv_maven",[63,64,65],"Vendor Advisory","X Refsource REDHAT","WEB",{"url":67,"sources":68,"tags":69},"https://access.redhat.com/errata/RHSA-2018:0481",[53,47,61],[63,64,65],{"url":71,"sources":72,"tags":73},"https://github.com/infinispan/infinispan/pull/5639",[53,47,61],[74,75,57,65],"X Refsource CONFIRM","Patch",{"url":77,"sources":78,"tags":79},"https://access.redhat.com/errata/RHSA-2018:0294",[53,47,61],[63,64,57,65],{"url":81,"sources":82,"tags":83},"https://access.redhat.com/errata/RHSA-2018:0501",[53,47,61],[63,64,65],{"url":85,"sources":86,"tags":87},"https://access.redhat.com/errata/RHSA-2018:0480",[53,47,61],[63,64,65],{"url":89,"sources":90,"tags":91},"https://access.redhat.com/errata/RHSA-2018:0478",[53,47,61],[63,64,65],{"url":93,"sources":94,"tags":95},"https://access.redhat.com/errata/RHSA-2019:1326",[53,47,61],[63,64,65],{"url":97,"sources":98,"tags":99},"https://nvd.nist.gov/vuln/detail/CVE-2017-15089",[61],[100],"Advisory",{"url":102,"sources":103,"tags":104},"https://github.com/infinispan/infinispan/commit/1deadcb1c74ea0337abd5382c0150b000f6b106f",[61],[65],{"url":106,"sources":107,"tags":108},"https://github.com/infinispan/infinispan/commit/2944b0d1369a230bde88392b222921537c99331e",[61],[65],{"url":110,"sources":111,"tags":112},"https://github.com/infinispan/infinispan",[61],[113],"PACKAGE",[],{"date":116,"score":43,"percentile":117},"2026-06-04",0.83316,[119,123,126,129,132,135,138,141,144,147,150,153,156,158,160,163,166,169,172,175,178,181,184,186,188,191,194,196,199,202,205,208,211,214,216,218,221,224,227,230,232,235,238,241,244,247,250,253,255,257,260,263,266,269,272,275,278,281,284,287,290,293,295,297,300,303,306,308,310,312,315,318,321,324,327,329,331,334,337,340,343,346,349,352,355,357,360,363,366,369],{"date":120,"score":121,"percentile":122},"2025-11-04",0.03911,0.87777,{"date":124,"score":121,"percentile":125},"2025-11-05",0.87779,{"date":127,"score":121,"percentile":128},"2025-11-06",0.87766,{"date":130,"score":121,"percentile":131},"2025-11-07",0.87773,{"date":133,"score":121,"percentile":134},"2025-11-08",0.87776,{"date":136,"score":121,"percentile":137},"2025-11-09",0.87772,{"date":139,"score":121,"percentile":140},"2025-11-10",0.8777,{"date":142,"score":121,"percentile":143},"2025-11-11",0.87775,{"date":145,"score":121,"percentile":146},"2025-11-12",0.87781,{"date":148,"score":121,"percentile":149},"2025-11-13",0.87786,{"date":151,"score":121,"percentile":152},"2025-11-14",0.8779,{"date":154,"score":121,"percentile":155},"2025-11-15",0.87784,{"date":157,"score":121,"percentile":152},"2025-11-16",{"date":159,"score":121,"percentile":149},"2025-11-17",{"date":161,"score":121,"percentile":162},"2025-11-18",0.87162,{"date":164,"score":121,"percentile":165},"2025-11-19",0.87165,{"date":167,"score":121,"percentile":168},"2025-11-20",0.87169,{"date":170,"score":121,"percentile":171},"2025-11-21",0.87802,{"date":173,"score":121,"percentile":174},"2025-11-22",0.87798,{"date":176,"score":121,"percentile":177},"2025-11-23",0.87794,{"date":179,"score":121,"percentile":180},"2025-11-24",0.87795,{"date":182,"score":121,"percentile":183},"2025-11-25",0.87796,{"date":185,"score":121,"percentile":177},"2025-11-26",{"date":187,"score":121,"percentile":183},"2025-11-27",{"date":189,"score":121,"percentile":190},"2025-11-28",0.87783,{"date":192,"score":121,"percentile":193},"2025-11-29",0.87858,{"date":195,"score":121,"percentile":193},"2025-11-30",{"date":197,"score":121,"percentile":198},"2025-12-01",0.87917,{"date":200,"score":121,"percentile":201},"2025-12-02",0.87918,{"date":203,"score":121,"percentile":204},"2025-12-03",0.87916,{"date":206,"score":121,"percentile":207},"2025-12-04",0.87853,{"date":209,"score":121,"percentile":210},"2025-12-05",0.87855,{"date":212,"score":121,"percentile":213},"2025-12-06",0.87854,{"date":215,"score":121,"percentile":213},"2025-12-07",{"date":217,"score":121,"percentile":213},"2025-12-08",{"date":219,"score":121,"percentile":220},"2025-12-09",0.87868,{"date":222,"score":121,"percentile":223},"2025-12-10",0.87882,{"date":225,"score":121,"percentile":226},"2025-12-11",0.87887,{"date":228,"score":121,"percentile":229},"2025-12-12",0.87894,{"date":231,"score":121,"percentile":229},"2025-12-13",{"date":233,"score":121,"percentile":234},"2025-12-14",0.87893,{"date":236,"score":121,"percentile":237},"2025-12-15",0.87891,{"date":239,"score":121,"percentile":240},"2025-12-16",0.87897,{"date":242,"score":121,"percentile":243},"2025-12-17",0.87902,{"date":245,"score":121,"percentile":246},"2025-12-18",0.87909,{"date":248,"score":121,"percentile":249},"2025-12-19",0.87911,{"date":251,"score":121,"percentile":252},"2025-12-20",0.8791,{"date":254,"score":121,"percentile":204},"2025-12-21",{"date":256,"score":121,"percentile":198},"2025-12-22",{"date":258,"score":121,"percentile":259},"2025-12-23",0.87922,{"date":261,"score":121,"percentile":262},"2025-12-24",0.87925,{"date":264,"score":121,"percentile":265},"2025-12-25",0.87936,{"date":267,"score":121,"percentile":268},"2025-12-26",0.87933,{"date":270,"score":121,"percentile":271},"2025-12-27",0.8797,{"date":273,"score":121,"percentile":274},"2025-12-28",0.87921,{"date":276,"score":121,"percentile":277},"2025-12-29",0.87914,{"date":279,"score":121,"percentile":280},"2025-12-30",0.87923,{"date":282,"score":121,"percentile":283},"2025-12-31",0.87935,{"date":285,"score":121,"percentile":286},"2026-01-01",0.87991,{"date":288,"score":121,"percentile":289},"2026-01-02",0.87986,{"date":291,"score":121,"percentile":292},"2026-01-03",0.87984,{"date":294,"score":121,"percentile":280},"2026-01-04",{"date":296,"score":121,"percentile":259},"2026-01-05",{"date":298,"score":121,"percentile":299},"2026-01-06",0.87927,{"date":301,"score":121,"percentile":302},"2026-01-07",0.87929,{"date":304,"score":121,"percentile":305},"2026-01-08",0.87934,{"date":307,"score":121,"percentile":305},"2026-01-09",{"date":309,"score":121,"percentile":283},"2026-01-10",{"date":311,"score":121,"percentile":302},"2026-01-11",{"date":313,"score":121,"percentile":314},"2026-01-12",0.87928,{"date":316,"score":121,"percentile":317},"2026-01-13",0.87926,{"date":319,"score":121,"percentile":320},"2026-01-14",0.8794,{"date":322,"score":121,"percentile":323},"2026-01-15",0.87943,{"date":325,"score":121,"percentile":326},"2026-01-16",0.87948,{"date":328,"score":121,"percentile":326},"2026-01-17",{"date":330,"score":121,"percentile":326},"2026-01-18",{"date":332,"score":121,"percentile":333},"2026-01-19",0.87946,{"date":335,"score":121,"percentile":336},"2026-01-20",0.87945,{"date":338,"score":121,"percentile":339},"2026-01-21",0.8795,{"date":341,"score":121,"percentile":342},"2026-01-22",0.87955,{"date":344,"score":121,"percentile":345},"2026-01-23",0.87966,{"date":347,"score":121,"percentile":348},"2026-01-24",0.87973,{"date":350,"score":121,"percentile":351},"2026-01-25",0.87969,{"date":353,"score":121,"percentile":354},"2026-01-26",0.87967,{"date":356,"score":121,"percentile":351},"2026-01-27",{"date":358,"score":121,"percentile":359},"2026-01-28",0.87971,{"date":361,"score":121,"percentile":362},"2026-01-29",0.87976,{"date":364,"score":121,"percentile":365},"2026-01-30",0.8798,{"date":367,"score":121,"percentile":368},"2026-01-31",0.87978,{"date":370,"score":121,"percentile":371},"2026-02-01",0.88044,[373,383],{"source":47,"cvss_v2_0":374,"cvss_v3_0":379,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":375,"baseSeverity":9,"vectorString":376,"impactScore":377,"exploitabilityScore":378},6.5,"AV:N/AC:L/Au:S/C:P/I:P/A:P",6.4,8,{"baseScore":45,"baseSeverity":380,"vectorString":48,"impactScore":381,"exploitabilityScore":382},"HIGH",9.8,7.2,{"source":61,"cvss_v2_0":9,"cvss_v3_0":384,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":45,"baseSeverity":9,"vectorString":48,"impactScore":381,"exploitabilityScore":382},[386,410],{"ecosystem":9,"name":387,"vendor":387,"product":387,"cpe_part":388,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":389},"infinispan","a",[390,396,398,400,402,404,406],{"version":391,"is_range":392,"range_type":393,"version_start":9,"version_start_type":9,"version_end":394,"version_end_type":395,"fixed_in":9},"lte9.1.6",true,"cpe","9.1.6","including",{"version":397,"is_range":41,"range_type":393,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.2.0:alpha1",{"version":399,"is_range":41,"range_type":393,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.2.0:alpha2",{"version":401,"is_range":41,"range_type":393,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.2.0:beta1",{"version":403,"is_range":41,"range_type":393,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.2.0:beta2",{"version":405,"is_range":41,"range_type":393,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.2.0:cr1",{"version":407,"is_range":392,"range_type":53,"version_start":9,"version_start_type":9,"version_end":408,"version_end_type":409,"fixed_in":9},"before 9.2.0.CR1","9.2.0.CR1","excluding",{"ecosystem":411,"name":412,"vendor":413,"product":414,"cpe_part":9,"purl_type":415,"purl_namespace":413,"purl_name":414,"source":9,"versions":416},"Maven","org.infinispan:infinispan-core","org.infinispan","infinispan-core","maven",[417],{"version":418,"is_range":392,"range_type":419,"version_start":9,"version_start_type":9,"version_end":408,"version_end_type":409,"fixed_in":9},"lt9_2_0_CR1","ecosystem"]