Please patch CVEs for package hazelcast version 3.2.2 INFO (CVEs are): hazelcast 3.2.2 cves found CVE-2016-10750 Desc: In Hazelcast before 3.11, the cluster join procedure is vulnerable to remote code execution via Java deserialization. If an attacker can reach a listening Hazelcast instance with a crafted JoinRequest, and vulnerable classes exist in the classpath, the attacker can run arbitrary code. Link: https://nvd.nist.gov/vuln/detail/CVE-2016-10750 Severity: HIGH CVE-2022-36437 Desc: The Connection handler in Hazelcast and Hazelcast Jet allows a remote unauthenticated attacker to access and manipulate data in the cluster with the identity of another already authenticated connection. The affected Hazelcast versions are through 4.0.6, 4.1.9, 4.2.5, 5.0.3, and 5.1.2. The affected Hazelcast Jet versions are through 4.5.3. Link: https://nvd.nist.gov/vuln/detail/CVE-2022-36437 Severity: CRITICAL
*** Bug 13725 has been marked as a duplicate of this bug. ***
*** Bug 13533 has been marked as a duplicate of this bug. ***
Входит в java-стек, который пока обновляться не будет