CVE-2019-10174

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-10174

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10174.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-10174

Aliases

GHSA-h47x-2j37-fw5m

Related

Published

2019-11-25T11:15:10Z

Modified

2024-09-02T23:07:11Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the application.

References

Affected packages

Git / github.com/infinispan/infinispan

Affected ranges

Type: GIT
Repo: https://github.com/infinispan/infinispan
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

16b6bd8bf5482dc52a8b50d809def1aba31e481d