Vulnerabilities > Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-09-06 | CVE-2022-26469 | Unsafe Reflection vulnerability in Google Android 11.0/12.0 In MtkEmail, there is a possible escalation of privilege due to fragment injection. | 7.8 |
2022-07-28 | CVE-2022-30287 | Unsafe Reflection vulnerability in multiple products Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. | 8.0 |
2022-01-06 | CVE-2021-31522 | Unsafe Reflection vulnerability in Apache Kylin Kylin can receive user input and load any class through Class.forName(...). | 9.8 |
2021-06-01 | CVE-2021-32647 | Unsafe Reflection vulnerability in NSA Emissary 6.4.0 Emissary is a P2P based data-driven workflow engine. | 9.1 |
2021-03-08 | CVE-2021-21327 | Unsafe Reflection vulnerability in Glpi-Project Glpi GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. | 7.5 |
2020-04-02 | CVE-2019-20635 | Unsafe Reflection vulnerability in Intland Codebeamer codeBeamer before 9.5.0-RC3 does not properly restrict the ability to execute custom Java code and access the Java class loader via computed fields. | 6.1 |
2019-11-25 | CVE-2019-10174 | Unsafe Reflection vulnerability in multiple products A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. | 8.8 |
2019-10-03 | CVE-2019-3834 | Unsafe Reflection vulnerability in Redhat Jboss Operations Network It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JON). | 7.3 |
2019-03-28 | CVE-2019-1003041 | Unsafe Reflection vulnerability in multiple products A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts. | 9.8 |
2019-03-28 | CVE-2019-1003040 | Unsafe Reflection vulnerability in multiple products A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts. | 9.8 |