CVE-2023-36480 - Aerospike Java Client vulnerable to unsafe deserialization of server responses

rbotzer · August 6, 2023, 9:30pm

On August 4th, 2023, GitHub published CVE-2023-36480, a high severity vulnerability in our Aerospike Java client. GitHub Security Lab had previously notified us that the client is vulnerable to CWE-502. Upon confirming a fix in the latest Aerospike Java client version 7.0.0, the CVE was published.

We are providing updates through our support portal’s knowledge base. Please read CVE-2023-36480 - Aerospike Java Client vulnerable to unsafe deserialization of server responses.

rbotzer · August 8, 2023, 2:30am

The following new releases of the Aerospike Java client, tools and applications provide a fix for this CVE. Please upgrade your software accordingly.

Java Client 6.2.0
Java Client 5.2.0
Java Client 4.5.0
REST Gateway 2.1.2
Aerospike Loader 4.0.1

Topic		Replies	Views
CVE-2021-44228: Log4Shell vulnerability and Aerospike Support Bulletins java , cve	6	2553	January 6, 2022
CVE-2022-22965 Spring4Shell RCE analysis Support Bulletins java , spring , cve	1	1154	April 3, 2022
Aerospike Java Client Release 5.1.4 (June 24, 2021) Releases (Server, Client & Tools)	0	732	June 24, 2021
Aerospike Java Client Release 4.3.0 (January 24, 2019) Releases (Server, Client & Tools)	0	646	January 24, 2019
Aerospike Java Client Release 6.1.0 (July 12, 2022) Releases (Server, Client & Tools)	0	416	July 12, 2022

CVE-2023-36480 - Aerospike Java Client vulnerable to unsafe deserialization of server responses

Related Topics