CVE-2019-10174

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-10174
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10174.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-10174
Aliases
Related
Published
2019-11-25T11:15:10Z
Modified
2024-09-02T23:07:11Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the application.

References

Affected packages

Git / github.com/infinispan/infinispan

Affected ranges

Type
GIT
Repo
https://github.com/infinispan/infinispan
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed