Gustavo Fernandes updated ISPN-9116:
------------------------------------
Security: (was: Red Hat Internal)
Server marshallers/transcoders don't support whitelist when deserializing
-------------------------------------------------------------------------
Key: ISPN-9116
URL: https://issues.jboss.org/browse/ISPN-9116
Project: Infinispan
Issue Type: Bug
Components: Server
Affects Versions: 9.3.0.Final, 9.2.5.Final
Reporter: Gustavo Fernandes
Assignee: Gustavo Fernandes
The server deserializes binary payloads and JSON/XML payloads without any checks. This
happens when:
* Compatibility mode is on
* Remote listeners with filters
* Remote iteration with filters
* Remote tasks with parameters
* Server is configured with MediaType.APPLICATION_OBJECT
* Potentially with JSON and XML contents sent via REST
The remote endpoints affected are REST, Hot Rod and Memcached.