GHSA-q2fj-6h62-59m2: 
Java vulnerability analysis and mitigation

The vulnerability (GHSA-q2fj-6h62-59m2) affects the Apiman Vert.x Gateway prior to version 3.0.0.Final due to a transitive dependency on Hazelcast. This security issue was published on December 28, 2022, and involves a connection caching vulnerability that could potentially compromise cluster security (GitHub Advisory).

The vulnerability has been assigned a High severity rating with a CVSS score of 8.1. The attack vector is Network-based with high attack complexity, requiring no privileges or user interaction. The vulnerability maintains an unchanged scope and can potentially impact confidentiality, integrity, and availability at high levels (GitHub Advisory).

The vulnerability allows an unauthenticated, remote attacker to access and manipulate data in the cluster with another authenticated connection's identity. The risk impact varies depending on how plugins deployed by users utilize Hazelcast, as plugins may interact with Hazelcast differently than the main Apiman codebase (GitHub Advisory).

The primary mitigation is to upgrade to Apiman 3.0.0.Final or later. For users who must remain on older versions, they should contact their Apiman support provider for advice and long-term support. There are no known workarounds except for creating a custom build. Users with custom Apiman plugins specifying Hazelcast dependencies should also update these versions (GitHub Advisory).