On Tuesday, the Apache project released an update for Geode. The update patches a typical deserialization issue we often see in Java software like Geode (CVE-2022-37021). Geode is a data management platform. It has to deal with a wide range of objects and formats. The simple allow listing approach usually doesn't work well in these environments.

Jolokia Scans: Possible Hunt for Vulnerable Apache Geode Servers (CVE-2022-37021), (Thu, Sep 1st)