Vulnerabilities > Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-01 | CVE-2023-0460 | Unsafe Reflection vulnerability in Google Youtube Android Player API 1.2/1.2.2 The YouTube Embedded 1.2 SDK binds to a service within the YouTube Main App. | 7.3 |
| 2022-07-28 | CVE-2022-30287 | Unsafe Reflection vulnerability in multiple products Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. | 8.0 |
| 2022-01-06 | CVE-2021-31522 | Unsafe Reflection vulnerability in Apache Kylin Kylin can receive user input and load any class through Class.forName(...). | 7.5 |
| 2021-06-01 | CVE-2021-32647 | Unsafe Reflection vulnerability in NSA Emissary 6.4.0 Emissary is a P2P based data-driven workflow engine. | 6.5 |
| 2021-03-08 | CVE-2021-21327 | Unsafe Reflection vulnerability in Glpi-Project Glpi GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. | 7.5 |
| 2020-04-02 | CVE-2019-20635 | Unsafe Reflection vulnerability in Intland Codebeamer codeBeamer before 9.5.0-RC3 does not properly restrict the ability to execute custom Java code and access the Java class loader via computed fields. | 4.3 |
| 2019-11-25 | CVE-2019-10174 | Unsafe Reflection vulnerability in multiple products A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. | 6.5 |
| 2019-10-03 | CVE-2019-3834 | Unsafe Reflection vulnerability in Redhat Jboss Operations Network It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JON). | 6.8 |
| 2019-03-28 | CVE-2019-1003041 | Unsafe Reflection vulnerability in multiple products A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts. | 9.8 |
| 2019-03-28 | CVE-2019-1003040 | Unsafe Reflection vulnerability in multiple products A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts. | 9.8 |