CVE-2021-28167
N/A
N/A
Summary
In Eclipse Openj9 to version 0.25.0, usage of the jdk.internal.reflect.ConstantPool API causes the JVM in some cases to pre-resolve certain constant pool entries. This allows a user to call static methods or access static members without running the class initialization method, and may allow a user to observe uninitialized values.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| The Eclipse Foundation | Eclipse OpenJ9 | unspecified <= 0.25.0 | affected |
Weaknesses
- CWE-909: CWE-909: Missing Initialization of Resource
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: partial
CVE Program Container
Additional References
- https://github.com/eclipse/openj9/issues/12016
- https://security.netapp.com/advisory/ntap-20240621-0006/
References
- https://github.com/eclipse/openj9/issues/12016
- https://security.netapp.com/advisory/ntap-20240621-0006/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.