Reputation: 366
Prisma Cloud reports Vulnerability in hazelcast CVE-2022-36437 The thing is that the project does not use hazelcast. It uses payara-micro 6.2023.1
What is the connection between hazlecast and payara-micro?
How to solve this vulnerability?
Upvotes: 0
Views: 177
Reputation: 3263
Payara micro is using Hazelcast for clustering or some "core" features . E.g. remote CDI events passed through Hazelcast. As far as I know this vulnerability fixed in 5.1.3 but Payara Micro using 5.1.1. Probably it works if you override Hazelcast dependency in your project descriptor (e.g. pom.xml)
Upvotes: 1