CVE-2022-0265: Hazelcast 5.1-BETA-1 was released with improper restriction of XML Entity Reference in the GitHub repository.

This issue should be fixed in 5.1-BETA-2, which is scheduled for release in early December. In Hazelcast 4.8, the issue will be fixed. The issue was due to the change in the structure of the XML files when the data types of the XML tags were changed from string to double. This change was necessary in order to support the new data type double.

The change of the XML tags' data types from string to double causes a NullPointerException when trying to find a specific item through an Index.

What to Do if You are Affected by the Issue?

If you are affected by the issue, please upgrade to Hazelcast 4.8-BETA-2.
