CVE-2021-28167

In Eclipse Openj9 to version 0.25.0, usage of the jdk.internal.reflect.ConstantPool API causes the JVM in some cases to pre-resolve certain constant pool entries. This allows a user to call static methods or access static members without running the class initialization method, and may allow a user to observe uninitialized values.
Configurations

Configuration 1 (hide)

cpe:2.3:a:eclipse:openj9:*:*:*:*:*:*:*:*

History

21 Jun 2024, 19:15

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20240621-0006/ -

Information

Published : 2021-04-21 18:15

Updated : 2024-06-21 19:15


NVD link : CVE-2021-28167

Mitre link : CVE-2021-28167

CVE.ORG link : CVE-2021-28167


JSON object : View

Products Affected

eclipse

  • openj9
CWE
CWE-909

Missing Initialization of Resource