Vulnerabilities > Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-03-08 | CVE-2021-21327 | Unsafe Reflection vulnerability in Glpi-Project Glpi GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. | 7.5 |
2020-04-02 | CVE-2019-20635 | Unsafe Reflection vulnerability in Intland Codebeamer codeBeamer before 9.5.0-RC3 does not properly restrict the ability to execute custom Java code and access the Java class loader via computed fields. | 4.3 |
2019-11-25 | CVE-2019-10174 | Unsafe Reflection vulnerability in multiple products A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. | 6.5 |
2019-10-03 | CVE-2019-3834 | Unsafe Reflection vulnerability in Redhat Jboss Operations Network It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JON). | 6.8 |
2019-03-28 | CVE-2019-1003041 | Unsafe Reflection vulnerability in multiple products A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts. | 9.8 |
2019-03-28 | CVE-2019-1003040 | Unsafe Reflection vulnerability in multiple products A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts. | 9.8 |
2018-07-09 | CVE-2018-1000613 | Unsafe Reflection vulnerability in multiple products Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. | 9.8 |
2018-04-13 | CVE-2018-5511 | Unsafe Reflection vulnerability in multiple products On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced. | 6.5 |
2018-01-10 | CVE-2017-7536 | Unsafe Reflection vulnerability in Redhat products In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. | 7.0 |
2004-12-31 | CVE-2004-2331 | Unsafe Reflection vulnerability in Macromedia Coldfusion 6.1 ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag. | 5.5 |