Jolokia Scans: Possible Hunt for Vulnerable Apache Geode Servers (CVE-2022-37021), (Thu, Sep 1st)

This post was originally published on this site

On Tuesday, the Apache project released an update for Geode. The update patches a typical deserialization issue we often see in Java software like Geode (%%cve:2022-37021%%). Geode is a data management platform. It has to deal with a wide range of objects and formats. The simple allow listing approach usually doesn't work well in these environments.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.