On August 4th, 2023, GitHub published CVE-2023-36480, a high severity vulnerability in our Aerospike Java client. GitHub Security Lab had previously notified us that the client is vulnerable to CWE-502. Upon confirming a fix in the latest Aerospike Java client version 7.0.0, the CVE was published.
We are providing updates through our support portal’s knowledge base. Please read CVE-2023-36480 - Aerospike Java Client vulnerable to unsafe deserialization of server responses.