An update for infinispan is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2024-1667 Final 1.0 1.0 2024-05-31 Initial 2024-05-31 2024-05-31 openEuler SA Tool V1.0 2024-05-31 infinispan security update An update for infinispan is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3. Infinispan is an extremely scalable, highly available data grid platform - 100% open source, and written in Java. The purpose of Infinispan is to expose a data structure that is highly concurrent, designed ground-up to make the most of modern multi-processor/multi-core architectures while at the same time providing distributed cache capabilities. At its core Infinispan exposes a Cache interface which extends java.util.Map. It is also optionally is backed by a peer-to-peer network architecture to distribute state efficiently around a data grid. Security Fix(es): A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the application.(CVE-2019-10174) An update for infinispan is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High infinispan https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1667 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2019-10174 https://nvd.nist.gov/vuln/detail/CVE-2019-10174 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS openEuler-22.03-LTS-SP1 openEuler-22.03-LTS-SP2 openEuler-22.03-LTS-SP3 infinispan-8.2.4-13.oe1.noarch.rpm infinispan-help-8.2.4-13.oe1.noarch.rpm infinispan-help-8.2.4-13.oe2003sp4.noarch.rpm infinispan-8.2.4-13.oe2003sp4.noarch.rpm infinispan-8.2.4-13.oe2203.noarch.rpm infinispan-help-8.2.4-13.oe2203.noarch.rpm infinispan-8.2.4-13.oe2203sp1.noarch.rpm infinispan-help-8.2.4-13.oe2203sp1.noarch.rpm infinispan-8.2.4-13.oe2203sp2.noarch.rpm infinispan-help-8.2.4-13.oe2203sp2.noarch.rpm infinispan-8.2.4-13.oe2203sp3.noarch.rpm infinispan-help-8.2.4-13.oe2203sp3.noarch.rpm infinispan-8.2.4-13.oe1.src.rpm infinispan-8.2.4-13.oe2003sp4.src.rpm infinispan-8.2.4-13.oe2203.src.rpm infinispan-8.2.4-13.oe2203sp1.src.rpm infinispan-8.2.4-13.oe2203sp2.src.rpm infinispan-8.2.4-13.oe2203sp3.src.rpm A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan s privileges. The attacker can use reflection to introduce new, malicious behavior into the application. 2024-05-31 CVE-2019-10174 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS openEuler-22.03-LTS-SP1 openEuler-22.03-LTS-SP2 openEuler-22.03-LTS-SP3 High 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H infinispan security update 2024-05-31 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1667