Red Hat JBoss Data Grid Insecure Deserialization Vulnerability


Red Hat JBoss Data Grid is an in-memory datastore solution. The client application of this software has integrated the Infinispan Hot Rod client library.

A deserialization vulnerability exists in the Red Hat JBoss Data Grid. As the Hot Rod client library failed to add proper filtering before deserializing an arbitrary class, an arbitrary object could be serialized by this library. An attacker could inject a malicious serialized object via the cache, and execute arbitrary code with the privilege of the client application.

Object serialization is a feature supported by Java, which allows an object to be loaded via a binary stream, making them portable. This feature also causes security risks as hackers may load malicious object via a controllable object in deserialization. A common practice is enabling a whitelist before the application retrieve the object.

In the Hot Rod client library, however, in the version 7.1.0, the code lacks of necessary whitelisting of the object class. And in 7.1.1, the filtering could still be bypassed by using the River Marshalling Protocol:

In class org.infinispan.client.hotrod.marshall.MarshallerUtil:

In class org.infinispan.commons.marshall.jboss.AbstractJBossMarshaller:

The patch 7.1.2 for Red Hat JBoss Data Grid version is already available here. Also SonicWall Capture Labs Threat Research team has developed the following signature to identify and stop the attacks:

  • IPS 13248: Red Hat JBoss Data Grid Insecure Deserialization


  1. Infinispan open sourced library :
  1. Red Hat JBoss Data Grid 7.1.2 security update :
Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.