Advisories for Maven/Io.apiman/Apiman-Distro-Vertx package

2022

Apiman Vert.x Gateway has Transitive Hazelcast connection caching issue

Impact If you are using the Apiman Vert.x Gateway prior to Apiman 3.0.0.Final, a connection caching issue in Hazelcast could allow an unauthenticated, remote attacker to access and manipulate data in the cluster with another authenticated connection's identity. Hazelcast is a transitive dependency of the Apiman Vert.x Gateway. The precise risk is difficult to quantify at this juncture as plugins deployed by users may make use of Hazelcast in a …