CWE-470
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
The product uses external input with reflection to select which classes or code to use, but it does not sufficiently prevent the input from selecting improper classes or code.
CVE-2024-1574 (GCVE-0-2024-1574)
Vulnerability from cvelistv5 – Published: 2024-07-04 09:02 – Updated: 2026-04-08 13:31
VLAI
Summary
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in the licensing feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric AnalytiX versions 10.97.2 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric BizViz versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior, and Mitsubishi Electric Iconics Digital Solutions BizViz versions 9.7 and prior allows a local attacker to execute a malicious code with administrative privileges by tampering with a specific file that is not protected by the system.
Severity
6.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-470 - Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.mitsubishielectric.com/psirt/vulnerab… | vendor-advisory |
| https://jvn.jp/vu/JVNVU98894016/ | government-resource |
| https://www.cisa.gov/news-events/ics-advisories/i… | government-resource |
| https://www.mitsubishielectric.com/en/psirt/vulne… | vendor-advisoryx_transferred |
Impacted products
17 products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:iconics:genesis64:10.97:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "genesis64",
"vendor": "iconics",
"versions": [
{
"lessThan": "10.97.92",
"status": "affected",
"version": "10.97",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:mitsubishielectric:mc_works64:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mc_works64",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1574",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-05T14:44:19.238774Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T14:45:36.502Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:40:21.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-004_en.pdf"
},
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU98894016/"
},
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GENESIS64",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "versions 10.97.2 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GENESIS64",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 10.97.2 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICONICS Suite",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "versions 10.97.2 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICONICS Suite",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 10.97.2 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hyper Historian",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "versions 10.97.2 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hyper Historian",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 10.97.2 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AnalytiX",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "versions 10.97.2 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AnalytiX",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 10.97.2 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MobileHMI",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "versions 10.97.2 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MobileHMI",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 10.97.2 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GENESIS32",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "versions 9.7 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GENESIS32",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 9.7 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "BizViz",
"vendor": "Mitsubishi Electric Iconics Digital Solutions",
"versions": [
{
"status": "affected",
"version": "versions 9.7 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "BizViz",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 9.7 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MC Works64",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in the licensing feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric AnalytiX versions 10.97.2 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric BizViz versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior, and Mitsubishi Electric Iconics Digital Solutions BizViz versions 9.7 and prior allows a local attacker to execute a malicious code with administrative privileges by tampering with a specific file that is not protected by the system.\u0026nbsp;\u003cbr\u003e"
}
],
"value": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in the licensing feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric AnalytiX versions 10.97.2 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric BizViz versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior, and Mitsubishi Electric Iconics Digital Solutions BizViz versions 9.7 and prior allows a local attacker to execute a malicious code with administrative privileges by tampering with a specific file that is not protected by the system."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Malicious Code Execution"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-470",
"description": "CWE-470 Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T13:31:05.753Z",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-004_en.pdf"
},
{
"tags": [
"government-resource"
],
"url": "https://jvn.jp/vu/JVNVU98894016/"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2024-1574",
"datePublished": "2024-07-04T09:02:35.260Z",
"dateReserved": "2024-02-16T01:30:45.960Z",
"dateUpdated": "2026-04-08T13:31:05.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-28121 (GCVE-0-2024-28121)
Vulnerability from cvelistv5 – Published: 2024-03-12 19:44 – Updated: 2025-02-13 17:47
VLAI
Title
Reflex arbitrary method call in stimulus_reflex
Summary
stimulus_reflex is a system to extend the capabilities of both Rails and Stimulus by intercepting user interactions and passing them to Rails over real-time websockets. In affected versions more methods than expected can be called on reflex instances. Being able to call some of them has security implications. To invoke a reflex a websocket message of the following shape is sent: `\"target\":\"[class_name]#[method_name]\",\"args\":[]`. The server will proceed to instantiate `reflex` using the provided `class_name` as long as it extends `StimulusReflex::Reflex`. It then attempts to call `method_name` on the instance with the provided arguments. This is problematic as `reflex.method method_name` can be more methods that those explicitly specified by the developer in their reflex class. A good example is the instance_variable_set method. This vulnerability has been patched in versions 3.4.2 and 3.5.0.rc4. Users unable to upgrade should: see the backing GHSA advisory for mitigation advice.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-470 - Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://github.com/stimulusreflex/stimulus_reflex… | x_refsource_CONFIRM |
| https://github.com/stimulusreflex/stimulus_reflex… | x_refsource_MISC |
| https://github.com/stimulusreflex/stimulus_reflex… | x_refsource_MISC |
| https://github.com/stimulusreflex/stimulus_reflex… | x_refsource_MISC |
| https://github.com/stimulusreflex/stimulus_reflex… | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2024/Mar/16 |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| stimulusreflex | stimulus_reflex |
Affected:
>= 3.5.0.rc1, < 3.5.0.rc4
Affected: < 3.4.2 |
|
| stimulusreflex | stimulus_reflex |
Affected:
0 , < 3.4.2
(custom)
Affected: 3.5.0.rc1 , < 3.5.0.rc4 (custom) cpe:2.3:a:stimulusreflex:stimulus_reflex:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:48:49.423Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/stimulusreflex/stimulus_reflex/security/advisories/GHSA-f78j-4w3g-4q65",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/stimulusreflex/stimulus_reflex/security/advisories/GHSA-f78j-4w3g-4q65"
},
{
"name": "https://github.com/stimulusreflex/stimulus_reflex/commit/538582d240439aab76066c72335ea92096cd0c7f",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/stimulusreflex/stimulus_reflex/commit/538582d240439aab76066c72335ea92096cd0c7f"
},
{
"name": "https://github.com/stimulusreflex/stimulus_reflex/blob/0211cad7d60fe96838587f159d657e44cee51b9b/app/channels/stimulus_reflex/channel.rb#L83",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/stimulusreflex/stimulus_reflex/blob/0211cad7d60fe96838587f159d657e44cee51b9b/app/channels/stimulus_reflex/channel.rb#L83"
},
{
"name": "https://github.com/stimulusreflex/stimulus_reflex/releases/tag/v3.4.2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/stimulusreflex/stimulus_reflex/releases/tag/v3.4.2"
},
{
"name": "https://github.com/stimulusreflex/stimulus_reflex/releases/tag/v3.5.0.rc4",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/stimulusreflex/stimulus_reflex/releases/tag/v3.5.0.rc4"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/16"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:stimulusreflex:stimulus_reflex:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "stimulus_reflex",
"vendor": "stimulusreflex",
"versions": [
{
"lessThan": "3.4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "3.5.0.rc4",
"status": "affected",
"version": "3.5.0.rc1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28121",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-13T14:29:13.739952Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T19:34:43.636Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "stimulus_reflex",
"vendor": "stimulusreflex",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.5.0.rc1, \u003c 3.5.0.rc4"
},
{
"status": "affected",
"version": "\u003c 3.4.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "stimulus_reflex is a system to extend the capabilities of both Rails and Stimulus by intercepting user interactions and passing them to Rails over real-time websockets. In affected versions more methods than expected can be called on reflex instances. Being able to call some of them has security implications. To invoke a reflex a websocket message of the following shape is sent: `\\\"target\\\":\\\"[class_name]#[method_name]\\\",\\\"args\\\":[]`. The server will proceed to instantiate `reflex` using the provided `class_name` as long as it extends `StimulusReflex::Reflex`. It then attempts to call `method_name` on the instance with the provided arguments. This is problematic as `reflex.method method_name` can be more methods that those explicitly specified by the developer in their reflex class. A good example is the instance_variable_set method. This vulnerability has been patched in versions 3.4.2 and 3.5.0.rc4. Users unable to upgrade should: see the backing GHSA advisory for mitigation advice."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-470",
"description": "CWE-470: Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-13T21:05:59.246Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/stimulusreflex/stimulus_reflex/security/advisories/GHSA-f78j-4w3g-4q65",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/stimulusreflex/stimulus_reflex/security/advisories/GHSA-f78j-4w3g-4q65"
},
{
"name": "https://github.com/stimulusreflex/stimulus_reflex/commit/538582d240439aab76066c72335ea92096cd0c7f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/stimulusreflex/stimulus_reflex/commit/538582d240439aab76066c72335ea92096cd0c7f"
},
{
"name": "https://github.com/stimulusreflex/stimulus_reflex/blob/0211cad7d60fe96838587f159d657e44cee51b9b/app/channels/stimulus_reflex/channel.rb#L83",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/stimulusreflex/stimulus_reflex/blob/0211cad7d60fe96838587f159d657e44cee51b9b/app/channels/stimulus_reflex/channel.rb#L83"
},
{
"name": "https://github.com/stimulusreflex/stimulus_reflex/releases/tag/v3.4.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/stimulusreflex/stimulus_reflex/releases/tag/v3.4.2"
},
{
"name": "https://github.com/stimulusreflex/stimulus_reflex/releases/tag/v3.5.0.rc4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/stimulusreflex/stimulus_reflex/releases/tag/v3.5.0.rc4"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/16"
}
],
"source": {
"advisory": "GHSA-f78j-4w3g-4q65",
"discovery": "UNKNOWN"
},
"title": "Reflex arbitrary method call in stimulus_reflex"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-28121",
"datePublished": "2024-03-12T19:44:29.591Z",
"dateReserved": "2024-03-04T14:19:14.060Z",
"dateUpdated": "2025-02-13T17:47:15.887Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4990 (GCVE-0-2024-4990)
Vulnerability from cvelistv5 – Published: 2025-03-20 10:11 – Updated: 2025-03-20 13:31
VLAI
Title
Unsafe Reflection in base Component class in yiisoft/yii2
Summary
In yiisoft/yii2 version 2.0.48, the base Component class contains a vulnerability where the `__set()` magic method does not validate that the value passed is a valid Behavior class name or configuration. This allows an attacker to instantiate arbitrary classes, passing parameters to their constructors and invoking setter methods. Depending on the installed dependencies, various types of attacks are possible, including the execution of arbitrary code, retrieval of sensitive information, and unauthorized access.
Severity
8.1 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-470 - Use of Externally-Controlled Input to Select Classes or Code
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| yiisoft | yiisoft/yii2 |
Affected:
unspecified , ≤ latest
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4990",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-20T13:30:40.291711Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-20T13:31:05.950Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://huntr.com/bounties/4fbdd965-02b6-42e4-b57b-f98f93415b8f"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "yiisoft/yii2",
"vendor": "yiisoft",
"versions": [
{
"lessThanOrEqual": "latest",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In yiisoft/yii2 version 2.0.48, the base Component class contains a vulnerability where the `__set()` magic method does not validate that the value passed is a valid Behavior class name or configuration. This allows an attacker to instantiate arbitrary classes, passing parameters to their constructors and invoking setter methods. Depending on the installed dependencies, various types of attacks are possible, including the execution of arbitrary code, retrieval of sensitive information, and unauthorized access."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-470",
"description": "CWE-470 Use of Externally-Controlled Input to Select Classes or Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-20T10:11:14.988Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/4fbdd965-02b6-42e4-b57b-f98f93415b8f"
}
],
"source": {
"advisory": "4fbdd965-02b6-42e4-b57b-f98f93415b8f",
"discovery": "EXTERNAL"
},
"title": "Unsafe Reflection in base Component class in yiisoft/yii2"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2024-4990",
"datePublished": "2025-03-20T10:11:14.988Z",
"dateReserved": "2024-05-16T09:00:39.505Z",
"dateUpdated": "2025-03-20T13:31:05.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-53850 (GCVE-0-2024-53850)
Vulnerability from cvelistv5 – Published: 2024-12-26 21:41 – Updated: 2024-12-27 16:18
VLAI
Title
The Addressing GLPI plugin allows data enumeration through uncontrolled object instantiation
Summary
The Addressing GLPI plugin enables you to create IP reports for visualize IP addresses used and free on a given network.. Starting with 3.0.0 and before 3.0.3, a poor security check allows an unauthenticated attacker to determine whether data exists (by name) in GLPI.
Severity
8.2 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-470 - Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/pluginsGLPI/addressing/securit… | x_refsource_CONFIRM |
| https://github.com/pluginsGLPI/addressing/commit/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| pluginsGLPI | addressing |
Affected:
>= 3.0.0 < 3.0.3
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-53850",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-27T16:18:33.280505Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-27T16:18:41.207Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "addressing",
"vendor": "pluginsGLPI",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0 \u003c 3.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Addressing GLPI plugin enables you to create IP reports for visualize IP addresses used and free on a given network.. Starting with 3.0.0 and before 3.0.3, a poor security check allows an unauthenticated attacker to determine whether data exists (by name) in GLPI."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-470",
"description": "CWE-470: Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-26T21:41:55.270Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pluginsGLPI/addressing/security/advisories/GHSA-fw42-79gw-7qr9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pluginsGLPI/addressing/security/advisories/GHSA-fw42-79gw-7qr9"
},
{
"name": "https://github.com/pluginsGLPI/addressing/commit/b334187a99206abbd7d0bc84f720b0a6e69e92f0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pluginsGLPI/addressing/commit/b334187a99206abbd7d0bc84f720b0a6e69e92f0"
}
],
"source": {
"advisory": "GHSA-fw42-79gw-7qr9",
"discovery": "UNKNOWN"
},
"title": "The Addressing GLPI plugin allows data enumeration through uncontrolled object instantiation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-53850",
"datePublished": "2024-12-26T21:41:55.270Z",
"dateReserved": "2024-11-22T17:30:02.140Z",
"dateUpdated": "2024-12-27T16:18:41.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6096 (GCVE-0-2024-6096)
Vulnerability from cvelistv5 – Published: 2024-07-24 14:00 – Updated: 2025-04-25 23:02
VLAI
Title
Unsafe Deserialization Vulnerability
Summary
In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an insecure type resolution vulnerability.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-470 - Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://docs.telerik.com/reporting/knowledge-base… | vendor-advisory |
| https://security.netapp.com/advisory/ntap-2025042… |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Progress Software Corporation | Telerik Reporting |
Affected:
1.0.0 , < 18.1.24.709
(semver)
|
|
| progress | telerik_reporting |
Affected:
1.0.0.0 , < 18.1.24.709
(semver)
cpe:2.3:a:progress:telerik_reporting:1.0.0.0:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:progress:telerik_reporting:1.0.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "telerik_reporting",
"vendor": "progress",
"versions": [
{
"lessThan": "18.1.24.709",
"status": "affected",
"version": "1.0.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6096",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-29T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T03:55:33.114Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-04-25T23:02:56.247Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://docs.telerik.com/reporting/knowledge-base/unsafe-reflection-CVE-2024-6096"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250425-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "Telerik Reporting",
"vendor": "Progress Software Corporation",
"versions": [
{
"lessThan": "18.1.24.709",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Markus Wulftange with CODE WHITE GmbH"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Progress\u00ae Telerik\u00ae Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an insecure type resolution vulnerability.\n\n\u003cp\u003e\u003c/p\u003e"
}
],
"value": "In Progress\u00ae Telerik\u00ae Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an insecure type resolution vulnerability."
}
],
"impacts": [
{
"capecId": "CAPEC-586",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-586 Object Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-470",
"description": "CWE-470 Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-24T14:00:19.107Z",
"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"shortName": "ProgressSoftware"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://docs.telerik.com/reporting/knowledge-base/unsafe-reflection-CVE-2024-6096"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unsafe Deserialization Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"assignerShortName": "ProgressSoftware",
"cveId": "CVE-2024-6096",
"datePublished": "2024-07-24T14:00:19.107Z",
"dateReserved": "2024-06-17T19:17:57.663Z",
"dateUpdated": "2025-04-25T23:02:56.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7059 (GCVE-0-2024-7059)
Vulnerability from cvelistv5 – Published: 2024-11-05 13:13 – Updated: 2024-11-09 22:45
VLAI
Summary
A high-severity vulnerability that can lead to arbitrary code execution on the system hosting the Web SDK role was found in the Genetec Security Center product line.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-470 - Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Genetec Inc. | Genetec Security Center |
Affected:
<5.8.2.1
(semver)
Unaffected: >=5.8.2.1 (semver) Affected: >=5.9.0.0 <5.9.5.8 (semver) Unaffected: >=5.9.5.8 (semver) Affected: >=5.10.0.0 <5.10.4.23 (semver) Unaffected: >=5.10.4.23 (semver) Affected: >=5.11.0.0 <5.11.3.13 (semver) Unaffected: >=5.11.3.13 (semver) Affected: >=5.12.0.0 <5.12.1.3 (semver) Unaffected: >=5.12.1.3 <5.12.2.0 (semver) Affected: >=5.12.2.0 <5.12.2.1 (semver) Unaffected: >=5.12.2.1 (semver) |
|
| genetec | security_center |
Affected:
0 , < 5.8.2.1
(semver)
Affected: 5.9.0.0 , < 5.9.5.8 (semver) Affected: 5.10.0.0 , < 5.10.4.23 (semver) Affected: 5.11.0.0 , < 5.11.3.13 (semver) Affected: 5.12.0.0 , < 5.12.1.3 (semver) Affected: 5.12.2.0 , < 5.12.2.1 (semver) cpe:2.3:a:genetec:security_center:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:genetec:security_center:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "security_center",
"vendor": "genetec",
"versions": [
{
"lessThan": "5.8.2.1",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "5.9.5.8",
"status": "affected",
"version": "5.9.0.0",
"versionType": "semver"
},
{
"lessThan": "5.10.4.23",
"status": "affected",
"version": "5.10.0.0",
"versionType": "semver"
},
{
"lessThan": "5.11.3.13",
"status": "affected",
"version": "5.11.0.0",
"versionType": "semver"
},
{
"lessThan": "5.12.1.3",
"status": "affected",
"version": "5.12.0.0",
"versionType": "semver"
},
{
"lessThan": "5.12.2.1",
"status": "affected",
"version": "5.12.2.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7059",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-05T15:06:17.075211Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T15:11:38.336Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Genetec Security Center",
"vendor": "Genetec Inc.",
"versions": [
{
"status": "affected",
"version": "\u003c5.8.2.1",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "\u003e=5.8.2.1",
"versionType": "semver"
},
{
"status": "affected",
"version": "\u003e=5.9.0.0 \u003c5.9.5.8",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "\u003e=5.9.5.8",
"versionType": "semver"
},
{
"status": "affected",
"version": "\u003e=5.10.0.0 \u003c5.10.4.23",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "\u003e=5.10.4.23",
"versionType": "semver"
},
{
"status": "affected",
"version": "\u003e=5.11.0.0 \u003c5.11.3.13",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "\u003e=5.11.3.13",
"versionType": "semver"
},
{
"status": "affected",
"version": "\u003e=5.12.0.0 \u003c5.12.1.3",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "\u003e=5.12.1.3 \u003c5.12.2.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "\u003e=5.12.2.0 \u003c5.12.2.1",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "\u003e=5.12.2.1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "AlgoSecure, Louis Moubinous"
}
],
"descriptions": [
{
"lang": "en",
"value": "A high-severity vulnerability that can lead to arbitrary code execution on the system hosting the Web SDK role was found in the Genetec Security Center product line."
}
],
"impacts": [
{
"capecId": "CAPEC-138",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-138: Reflection Injection"
}
]
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"cvssV4_0": {
"baseScore": 8.9,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-470",
"description": "CWE-470 Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-09T22:45:41.270Z",
"orgId": "f2b06212-cb4b-41a4-9501-fa2e367495b8",
"shortName": "Genetec"
},
"references": [
{
"url": "https://resources.genetec.com/security-advisories/high-severity-vulnerability-affecting-security-center-web-sdk-role"
},
{
"url": "https://ressources.genetec.com/bulletins-de-securite/vulnerabilite-de-haute-severite-affectant-le-role-sdk-web-de-security-center"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed in Security Center 5.8.2.1, 5.9.5.8, 5.10.4.23, 5.11.3.13, 5.12.1.3, 5.12.2.1 and all later versions."
}
],
"workarounds": [
{
"lang": "en",
"value": "If the Security Center instance cannot be updated in a timely fashion, the system administrator should deactivate the Web-based SDK role."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f2b06212-cb4b-41a4-9501-fa2e367495b8",
"assignerShortName": "Genetec",
"cveId": "CVE-2024-7059",
"datePublished": "2024-11-05T13:13:29.839Z",
"dateReserved": "2024-07-23T20:53:20.464Z",
"dateUpdated": "2024-11-09T22:45:41.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8014 (GCVE-0-2024-8014)
Vulnerability from cvelistv5 – Published: 2024-10-09 14:16 – Updated: 2025-11-03 19:34
VLAI
Title
Telerik Reporting EntityDataSource Insecure Type Resolution
Summary
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolution vulnerability.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-470 - Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://docs.telerik.com/reporting/knowledge-base… | vendor-advisory |
| https://security.netapp.com/advisory/ntap-2025042… |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Progress Software | Telerik Reporting |
Affected:
18.2.24.806 , < 18.2.24.924
(custom)
|
|
| progress_software | telerik_reporting |
Affected:
18.2.24.806 , < 18.2.24.924
(custom)
cpe:2.3:a:progress_software:telerik_reporting:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:progress_software:telerik_reporting:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "telerik_reporting",
"vendor": "progress_software",
"versions": [
{
"lessThan": "18.2.24.924",
"status": "affected",
"version": "18.2.24.806",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8014",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T16:04:54.577886Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T16:05:56.794Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:34:45.119Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250425-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Telerik Reporting",
"vendor": "Progress Software",
"versions": [
{
"lessThan": "18.2.24.924",
"status": "affected",
"version": "18.2.24.806",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Markus Wulftange with CODE WHITE GmbH."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolution vulnerability.\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolution vulnerability."
}
],
"impacts": [
{
"capecId": "CAPEC-586",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-586 Object Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-470",
"description": "CWE-470 Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T14:16:33.764Z",
"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"shortName": "ProgressSoftware"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://docs.telerik.com/reporting/knowledge-base/insecure-type-resolution-cve-2024-8014"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Telerik Reporting EntityDataSource Insecure Type Resolution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"assignerShortName": "ProgressSoftware",
"cveId": "CVE-2024-8014",
"datePublished": "2024-10-09T14:16:33.764Z",
"dateReserved": "2024-08-20T16:06:14.930Z",
"dateUpdated": "2025-11-03T19:34:45.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-8015 (GCVE-0-2024-8015)
Vulnerability from cvelistv5 – Published: 2024-10-09 14:49 – Updated: 2024-10-09 16:06
VLAI
Title
Telerik Report Server Insecure Type Resolution
Summary
In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability.
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-470 - Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://docs.telerik.com/report-server/knowledge-… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Progress Software | Telerik Reporting |
Affected:
1.0.0.0 , < 10.2.24.924
(custom)
|
|
| progress_software | telerik_reporting |
Affected:
1.0.0.0 , < 10.2.24.924
(custom)
cpe:2.3:a:progress_software:telerik_reporting:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:progress_software:telerik_reporting:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "telerik_reporting",
"vendor": "progress_software",
"versions": [
{
"lessThan": "10.2.24.924",
"status": "affected",
"version": "1.0.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8015",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T16:04:21.526771Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T16:06:49.209Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Telerik Reporting",
"vendor": "Progress Software",
"versions": [
{
"lessThan": "10.2.24.924",
"status": "affected",
"version": "1.0.0.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability."
}
],
"value": "In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability."
}
],
"impacts": [
{
"capecId": "CAPEC-586",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-586 Object Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-470",
"description": "CWE-470 Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T14:49:19.603Z",
"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"shortName": "ProgressSoftware"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://docs.telerik.com/report-server/knowledge-base/insecure-type-resolution-cve-2024-8015"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Telerik Report Server Insecure Type Resolution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"assignerShortName": "ProgressSoftware",
"cveId": "CVE-2024-8015",
"datePublished": "2024-10-09T14:49:19.603Z",
"dateReserved": "2024-08-20T16:06:35.623Z",
"dateUpdated": "2024-10-09T16:06:49.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8048 (GCVE-0-2024-8048)
Vulnerability from cvelistv5 – Published: 2024-10-09 14:18 – Updated: 2025-11-03 19:34
VLAI
Title
Telerik Reporting Insecure Expression Evaluation
Summary
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible using object injection via insecure expression evaluation.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-470 - Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Progress Software | Telerik Reporting |
Affected:
18.2.24.806 , < 18.2.24.924
(custom)
|
|
| progress_software | telerik_reporting |
Affected:
18.2.24.806 , < 18.2.24.924
(custom)
cpe:2.3:a:progress_software:telerik_reporting:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:progress_software:telerik_reporting:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "telerik_reporting",
"vendor": "progress_software",
"versions": [
{
"lessThan": "18.2.24.924",
"status": "affected",
"version": "18.2.24.806",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8048",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T16:01:30.452924Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T16:02:57.533Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:34:46.500Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250425-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Standalone Desktop Report Designer"
],
"platforms": [
"Windows"
],
"product": "Telerik Reporting",
"vendor": "Progress Software",
"versions": [
{
"lessThan": "18.2.24.924",
"status": "affected",
"version": "18.2.24.806",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Markus Wulftange with CODE WHITE GmbH."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible using object injection via insecure expression evaluation.\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible using object injection via insecure expression evaluation."
}
],
"impacts": [
{
"capecId": "CAPEC-586",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-586 Object Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-470",
"description": "CWE-470 Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T14:18:56.968Z",
"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"shortName": "ProgressSoftware"
},
"references": [
{
"url": "https://docs.telerik.com/reporting/knowledge-base/insecure-expression-evaluation-cve-2024-8048"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Telerik Reporting Insecure Expression Evaluation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"assignerShortName": "ProgressSoftware",
"cveId": "CVE-2024-8048",
"datePublished": "2024-10-09T14:18:56.968Z",
"dateReserved": "2024-08-21T17:18:57.546Z",
"dateUpdated": "2025-11-03T19:34:46.500Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12967 (GCVE-0-2025-12967)
Vulnerability from cvelistv5 – Published: 2025-11-10 18:09 – Updated: 2026-02-26 17:47
VLAI
Summary
An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rds_superuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service (RDS) users.
We recommend customers upgrade to the following versions: AWS JDBC Wrapper to v2.6.5, AWS Go Wrapper to 2025-10-17, AWS NodeJS Wrapper to v2.0.1, AWS Python Wrapper to v1.4.0 and AWS PGSQL ODBC driver to v1.0.1
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-470 - Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Assigner
References
11 references
| URL | Tags |
|---|---|
| https://aws.amazon.com/security/security-bulletin… | vendor-advisory |
| https://github.com/aws/aws-advanced-jdbc-wrapper/… | patch |
| https://github.com/aws/aws-advanced-go-wrapper/re… | patch |
| https://github.com/aws/aws-advanced-python-wrappe… | patch |
| https://github.com/aws/aws-pgsql-odbc/releases/ta… | patch |
| https://github.com/aws/aws-advanced-nodejs-wrappe… | patch |
| https://github.com/aws/aws-advanced-python-wrappe… | vendor-advisory |
| https://github.com/aws/aws-advanced-jdbc-wrapper/… | vendor-advisory |
| https://github.com/aws/aws-pgsql-odbc/security/ad… | vendor-advisory |
| https://github.com/aws/aws-advanced-go-wrapper/se… | vendor-advisory |
| https://github.com/aws/aws-advanced-nodejs-wrappe… | vendor-advisory |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| AWS | JDBC Wrapper |
Unaffected:
2.6.5
|
|
| AWS | Go Wrapper |
Unaffected:
2025-10-17
|
|
| AWS | NodeJS Wrapper |
Unaffected:
2.0.1
|
|
| AWS | Python Wrapper |
Unaffected:
1.4.0
|
|
| AWS | ODBC driver |
Affected:
1.0.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12967",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-11T04:55:40.353799Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:47:02.133Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "JDBC Wrapper",
"vendor": "AWS",
"versions": [
{
"status": "unaffected",
"version": "2.6.5"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Go Wrapper",
"vendor": "AWS",
"versions": [
{
"status": "unaffected",
"version": "2025-10-17"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NodeJS Wrapper",
"vendor": "AWS",
"versions": [
{
"status": "unaffected",
"version": "2.0.1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Python Wrapper",
"vendor": "AWS",
"versions": [
{
"status": "unaffected",
"version": "1.4.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ODBC driver",
"vendor": "AWS",
"versions": [
{
"status": "affected",
"version": "1.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rds_superuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service (RDS) users.\u003c/p\u003e\u003cp\u003eWe recommend customers upgrade to the following versions: AWS JDBC Wrapper to v2.6.5, AWS Go Wrapper to 2025-10-17, AWS NodeJS Wrapper to v2.0.1, AWS Python Wrapper to v1.4.0 and AWS PGSQL ODBC driver to v1.0.1\u003c/p\u003e"
}
],
"value": "An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rds_superuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service (RDS) users.\n\nWe recommend customers upgrade to the following versions: AWS JDBC Wrapper to v2.6.5, AWS Go Wrapper to 2025-10-17, AWS NodeJS Wrapper to v2.0.1, AWS Python Wrapper to v1.4.0 and AWS PGSQL ODBC driver to v1.0.1"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-470",
"description": "CWE-470 Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T18:30:56.839Z",
"orgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
"shortName": "AMZN"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://aws.amazon.com/security/security-bulletins/AWS-2025-028/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/aws/aws-advanced-jdbc-wrapper/releases/tag/2.6.5"
},
{
"tags": [
"patch"
],
"url": "https://github.com/aws/aws-advanced-go-wrapper/releases/tag/release-2025-10-17"
},
{
"tags": [
"patch"
],
"url": "https://github.com/aws/aws-advanced-python-wrapper/releases/tag/1.4.0"
},
{
"tags": [
"patch"
],
"url": "https://github.com/aws/aws-pgsql-odbc/releases/tag/1.0.1"
},
{
"tags": [
"patch"
],
"url": "https://github.com/aws/aws-advanced-nodejs-wrapper/releases/tag/2.0.1"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/aws/aws-advanced-python-wrapper/security/advisories/GHSA-4jvf-wx3f-2x8q"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/aws/aws-advanced-jdbc-wrapper/security/advisories/GHSA-7xw4-g7mm-r4hh"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/aws/aws-pgsql-odbc/security/advisories/GHSA-q327-fgm8-7mxf"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/aws/aws-advanced-go-wrapper/security/advisories/GHSA-7wq2-32h4-9hc9"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/aws/aws-advanced-nodejs-wrapper/security/advisories/GHSA-8wj8-cfxr-9374"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
"assignerShortName": "AMZN",
"cveId": "CVE-2025-12967",
"datePublished": "2025-11-10T18:09:10.157Z",
"dateReserved": "2025-11-10T17:36:11.337Z",
"dateUpdated": "2026-02-26T17:47:02.133Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Phase: Architecture and Design
Description:
- Refactor your code to avoid using reflection.
Mitigation
Phase: Architecture and Design
Description:
- Do not use user-controlled inputs to select and load classes or code.
Mitigation
Phase: Implementation
Description:
- Apply strict input validation by using allowlists or indirect selection to ensure that the user is only selecting allowable classes or code.
CAPEC-138: Reflection Injection
An adversary supplies a value to the target application which is then used by reflection methods to identify a class, method, or field. For example, in the Java programming language the reflection libraries permit an application to inspect, load, and invoke classes and their components by name. If an adversary can control the input into these methods including the name of the class/method/field or the parameters passed to methods, they can cause the targeted application to invoke incorrect methods, read random fields, or even to load and utilize malicious classes that the adversary created. This can lead to the application revealing sensitive information, returning incorrect results, or even having the adversary take control of the targeted application.