QwikSec

Security Database

CVE

CWE

Training

CVE-2021-28167

Published: Apr 21, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

In Eclipse Openj9 to version 0.25.0, usage of the jdk.internal.reflect.ConstantPool API causes the JVM in some cases to pre-resolve certain constant pool entries. This allows a user to call static methods or access static members without running the class initialization method, and may allow a user to observe uninitialized values.

Vendor	Product	Versions
The Eclipse Foundation	Eclipse OpenJ9	affected `unspecified - <= 0.25.0`

Weaknesses (CWE)

References

https://github.com/eclipse/openj9/issues/12016

https://security.netapp.com/advisory/ntap-20240621-0006/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.