Vulnerabilities > Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

DATE CVE VULNERABILITY TITLE RISK
2022-09-06 CVE-2022-26469 Unsafe Reflection vulnerability in Google Android 11.0/12.0
In MtkEmail, there is a possible escalation of privilege due to fragment injection.
local
low complexity
google CWE-470
7.8
2022-07-28 CVE-2022-30287 Unsafe Reflection vulnerability in multiple products
Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class.
network
low complexity
horde debian CWE-470
8.0
2022-01-06 CVE-2021-31522 Unsafe Reflection vulnerability in Apache Kylin
Kylin can receive user input and load any class through Class.forName(...).
network
low complexity
apache CWE-470
critical
9.8
2021-06-01 CVE-2021-32647 Unsafe Reflection vulnerability in NSA Emissary 6.4.0
Emissary is a P2P based data-driven workflow engine.
network
low complexity
nsa CWE-470
critical
9.1
2021-03-08 CVE-2021-21327 Unsafe Reflection vulnerability in Glpi-Project Glpi
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing.
network
low complexity
glpi-project CWE-470
7.5
2020-04-02 CVE-2019-20635 Unsafe Reflection vulnerability in Intland Codebeamer
codeBeamer before 9.5.0-RC3 does not properly restrict the ability to execute custom Java code and access the Java class loader via computed fields.
network
low complexity
intland CWE-470
6.1
2019-11-25 CVE-2019-10174 Unsafe Reflection vulnerability in multiple products
A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges.
network
low complexity
infinispan redhat netapp CWE-470
8.8
2019-10-03 CVE-2019-3834 Unsafe Reflection vulnerability in Redhat Jboss Operations Network
It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JON).
network
low complexity
redhat CWE-470
7.3
2019-03-28 CVE-2019-1003041 Unsafe Reflection vulnerability in multiple products
A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts.
network
low complexity
jenkins redhat CWE-470
critical
9.8
2019-03-28 CVE-2019-1003040 Unsafe Reflection vulnerability in multiple products
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts.
network
low complexity
jenkins redhat CWE-470
critical
9.8