Common Weakness Enumeration

CWE-470

Allowed

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Abstraction: Base · Status: Draft

The product uses external input with reflection to select which classes or code to use, but it does not sufficiently prevent the input from selecting improper classes or code.

111 vulnerabilities reference this CWE, most recent first.

CVE-2024-8015 (GCVE-0-2024-8015)

Vulnerability from cvelistv5 – Published: 2024-10-09 14:49 – Updated: 2024-10-09 16:06
VLAI
Title
Telerik Report Server Insecure Type Resolution
Summary
In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-470 - Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Assigner
References
Impacted products
Vendor Product Version
Progress Software Telerik Reporting Affected: 1.0.0.0 , < 10.2.24.924 (custom)
Create a notification for this product.
progress_software telerik_reporting Affected: 1.0.0.0 , < 10.2.24.924 (custom)
    cpe:2.3:a:progress_software:telerik_reporting:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:progress_software:telerik_reporting:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "telerik_reporting",
            "vendor": "progress_software",
            "versions": [
              {
                "lessThan": "10.2.24.924",
                "status": "affected",
                "version": "1.0.0.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8015",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-09T16:04:21.526771Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-09T16:06:49.209Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Telerik Reporting",
          "vendor": "Progress Software",
          "versions": [
            {
              "lessThan": "10.2.24.924",
              "status": "affected",
              "version": "1.0.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability."
            }
          ],
          "value": "In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-586",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-586 Object Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-470",
              "description": "CWE-470 Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-09T14:49:19.603Z",
        "orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
        "shortName": "ProgressSoftware"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://docs.telerik.com/report-server/knowledge-base/insecure-type-resolution-cve-2024-8015"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Telerik Report Server Insecure Type Resolution",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
    "assignerShortName": "ProgressSoftware",
    "cveId": "CVE-2024-8015",
    "datePublished": "2024-10-09T14:49:19.603Z",
    "dateReserved": "2024-08-20T16:06:35.623Z",
    "dateUpdated": "2024-10-09T16:06:49.209Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-8014 (GCVE-0-2024-8014)

Vulnerability from cvelistv5 – Published: 2024-10-09 14:16 – Updated: 2025-11-03 19:34
VLAI
Title
Telerik Reporting EntityDataSource Insecure Type Resolution
Summary
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolution vulnerability.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-470 - Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Assigner
Impacted products
Vendor Product Version
Progress Software Telerik Reporting Affected: 18.2.24.806 , < 18.2.24.924 (custom)
Create a notification for this product.
progress_software telerik_reporting Affected: 18.2.24.806 , < 18.2.24.924 (custom)
    cpe:2.3:a:progress_software:telerik_reporting:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Markus Wulftange with CODE WHITE GmbH.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:progress_software:telerik_reporting:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "telerik_reporting",
            "vendor": "progress_software",
            "versions": [
              {
                "lessThan": "18.2.24.924",
                "status": "affected",
                "version": "18.2.24.806",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8014",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-09T16:04:54.577886Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-09T16:05:56.794Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:34:45.119Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250425-0004/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Telerik Reporting",
          "vendor": "Progress Software",
          "versions": [
            {
              "lessThan": "18.2.24.924",
              "status": "affected",
              "version": "18.2.24.806",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Markus Wulftange with CODE WHITE GmbH."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolution vulnerability.\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolution vulnerability."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-586",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-586 Object Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-470",
              "description": "CWE-470 Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-09T14:16:33.764Z",
        "orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
        "shortName": "ProgressSoftware"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://docs.telerik.com/reporting/knowledge-base/insecure-type-resolution-cve-2024-8014"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Telerik Reporting EntityDataSource Insecure Type Resolution",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
    "assignerShortName": "ProgressSoftware",
    "cveId": "CVE-2024-8014",
    "datePublished": "2024-10-09T14:16:33.764Z",
    "dateReserved": "2024-08-20T16:06:14.930Z",
    "dateUpdated": "2025-11-03T19:34:45.119Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-7059 (GCVE-0-2024-7059)

Vulnerability from cvelistv5 – Published: 2024-11-05 13:13 – Updated: 2024-11-09 22:45
VLAI
Summary
A high-severity vulnerability that can lead to arbitrary code execution on the system hosting the Web SDK role was found in the Genetec Security Center product line.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-470 - Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Assigner
Impacted products
Vendor Product Version
Genetec Inc. Genetec Security Center Affected: <5.8.2.1 (semver)
Unaffected: >=5.8.2.1 (semver)
Affected: >=5.9.0.0 <5.9.5.8 (semver)
Unaffected: >=5.9.5.8 (semver)
Affected: >=5.10.0.0 <5.10.4.23 (semver)
Unaffected: >=5.10.4.23 (semver)
Affected: >=5.11.0.0 <5.11.3.13 (semver)
Unaffected: >=5.11.3.13 (semver)
Affected: >=5.12.0.0 <5.12.1.3 (semver)
Unaffected: >=5.12.1.3 <5.12.2.0 (semver)
Affected: >=5.12.2.0 <5.12.2.1 (semver)
Unaffected: >=5.12.2.1 (semver)
Create a notification for this product.
genetec security_center Affected: 0 , < 5.8.2.1 (semver)
Affected: 5.9.0.0 , < 5.9.5.8 (semver)
Affected: 5.10.0.0 , < 5.10.4.23 (semver)
Affected: 5.11.0.0 , < 5.11.3.13 (semver)
Affected: 5.12.0.0 , < 5.12.1.3 (semver)
Affected: 5.12.2.0 , < 5.12.2.1 (semver)
    cpe:2.3:a:genetec:security_center:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
AlgoSecure, Louis Moubinous
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:genetec:security_center:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "security_center",
            "vendor": "genetec",
            "versions": [
              {
                "lessThan": "5.8.2.1",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              },
              {
                "lessThan": "5.9.5.8",
                "status": "affected",
                "version": "5.9.0.0",
                "versionType": "semver"
              },
              {
                "lessThan": "5.10.4.23",
                "status": "affected",
                "version": "5.10.0.0",
                "versionType": "semver"
              },
              {
                "lessThan": "5.11.3.13",
                "status": "affected",
                "version": "5.11.0.0",
                "versionType": "semver"
              },
              {
                "lessThan": "5.12.1.3",
                "status": "affected",
                "version": "5.12.0.0",
                "versionType": "semver"
              },
              {
                "lessThan": "5.12.2.1",
                "status": "affected",
                "version": "5.12.2.0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7059",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-05T15:06:17.075211Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-05T15:11:38.336Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Genetec Security Center",
          "vendor": "Genetec Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c5.8.2.1",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "\u003e=5.8.2.1",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "\u003e=5.9.0.0 \u003c5.9.5.8",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "\u003e=5.9.5.8",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "\u003e=5.10.0.0 \u003c5.10.4.23",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "\u003e=5.10.4.23",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "\u003e=5.11.0.0 \u003c5.11.3.13",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "\u003e=5.11.3.13",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "\u003e=5.12.0.0 \u003c5.12.1.3",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "\u003e=5.12.1.3 \u003c5.12.2.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "\u003e=5.12.2.0 \u003c5.12.2.1",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "\u003e=5.12.2.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "AlgoSecure, Louis Moubinous"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A high-severity vulnerability that can lead to arbitrary code execution on the system hosting the Web SDK role was found in the Genetec Security Center product line."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-138",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-138: Reflection Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "cvssV3_1": {
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "cvssV4_0": {
            "baseScore": 8.9,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-470",
              "description": "CWE-470 Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-09T22:45:41.270Z",
        "orgId": "f2b06212-cb4b-41a4-9501-fa2e367495b8",
        "shortName": "Genetec"
      },
      "references": [
        {
          "url": "https://resources.genetec.com/security-advisories/high-severity-vulnerability-affecting-security-center-web-sdk-role"
        },
        {
          "url": "https://ressources.genetec.com/bulletins-de-securite/vulnerabilite-de-haute-severite-affectant-le-role-sdk-web-de-security-center"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "This issue is fixed in Security Center 5.8.2.1, 5.9.5.8, 5.10.4.23, 5.11.3.13, 5.12.1.3, 5.12.2.1 and all later versions."
        }
      ],
      "workarounds": [
        {
          "lang": "en",
          "value": "If the Security Center instance cannot be updated in a timely fashion, the system administrator should deactivate the Web-based SDK role."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f2b06212-cb4b-41a4-9501-fa2e367495b8",
    "assignerShortName": "Genetec",
    "cveId": "CVE-2024-7059",
    "datePublished": "2024-11-05T13:13:29.839Z",
    "dateReserved": "2024-07-23T20:53:20.464Z",
    "dateUpdated": "2024-11-09T22:45:41.270Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-6096 (GCVE-0-2024-6096)

Vulnerability from cvelistv5 – Published: 2024-07-24 14:00 – Updated: 2025-04-25 23:02
VLAI
Title
Unsafe Deserialization Vulnerability
Summary
In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an insecure type resolution vulnerability.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-470 - Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Assigner
Impacted products
Vendor Product Version
Progress Software Corporation Telerik Reporting Affected: 1.0.0 , < 18.1.24.709 (semver)
Create a notification for this product.
progress telerik_reporting Affected: 1.0.0.0 , < 18.1.24.709 (semver)
    cpe:2.3:a:progress:telerik_reporting:1.0.0.0:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Markus Wulftange with CODE WHITE GmbH
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:progress:telerik_reporting:1.0.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "telerik_reporting",
            "vendor": "progress",
            "versions": [
              {
                "lessThan": "18.1.24.709",
                "status": "affected",
                "version": "1.0.0.0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6096",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-29T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-30T03:55:33.114Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-04-25T23:02:56.247Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://docs.telerik.com/reporting/knowledge-base/unsafe-reflection-CVE-2024-6096"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20250425-0003/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows",
            "Linux"
          ],
          "product": "Telerik Reporting",
          "vendor": "Progress Software Corporation",
          "versions": [
            {
              "lessThan": "18.1.24.709",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Markus Wulftange with CODE WHITE GmbH"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In Progress\u00ae Telerik\u00ae Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an insecure type resolution vulnerability.\n\n\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "In Progress\u00ae Telerik\u00ae Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an insecure type resolution vulnerability."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-586",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-586 Object Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-470",
              "description": "CWE-470 Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-24T14:00:19.107Z",
        "orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
        "shortName": "ProgressSoftware"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://docs.telerik.com/reporting/knowledge-base/unsafe-reflection-CVE-2024-6096"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Unsafe Deserialization Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
    "assignerShortName": "ProgressSoftware",
    "cveId": "CVE-2024-6096",
    "datePublished": "2024-07-24T14:00:19.107Z",
    "dateReserved": "2024-06-17T19:17:57.663Z",
    "dateUpdated": "2025-04-25T23:02:56.247Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-4990 (GCVE-0-2024-4990)

Vulnerability from cvelistv5 – Published: 2025-03-20 10:11 – Updated: 2025-03-20 13:31
VLAI
Title
Unsafe Reflection in base Component class in yiisoft/yii2
Summary
In yiisoft/yii2 version 2.0.48, the base Component class contains a vulnerability where the `__set()` magic method does not validate that the value passed is a valid Behavior class name or configuration. This allows an attacker to instantiate arbitrary classes, passing parameters to their constructors and invoking setter methods. Depending on the installed dependencies, various types of attacks are possible, including the execution of arbitrary code, retrieval of sensitive information, and unauthorized access.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-470 - Use of Externally-Controlled Input to Select Classes or Code
Assigner
Impacted products
Vendor Product Version
yiisoft yiisoft/yii2 Affected: unspecified , ≤ latest (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-4990",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-20T13:30:40.291711Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-20T13:31:05.950Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://huntr.com/bounties/4fbdd965-02b6-42e4-b57b-f98f93415b8f"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "yiisoft/yii2",
          "vendor": "yiisoft",
          "versions": [
            {
              "lessThanOrEqual": "latest",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In yiisoft/yii2 version 2.0.48, the base Component class contains a vulnerability where the `__set()` magic method does not validate that the value passed is a valid Behavior class name or configuration. This allows an attacker to instantiate arbitrary classes, passing parameters to their constructors and invoking setter methods. Depending on the installed dependencies, various types of attacks are possible, including the execution of arbitrary code, retrieval of sensitive information, and unauthorized access."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-470",
              "description": "CWE-470 Use of Externally-Controlled Input to Select Classes or Code",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-20T10:11:14.988Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntr_ai"
      },
      "references": [
        {
          "url": "https://huntr.com/bounties/4fbdd965-02b6-42e4-b57b-f98f93415b8f"
        }
      ],
      "source": {
        "advisory": "4fbdd965-02b6-42e4-b57b-f98f93415b8f",
        "discovery": "EXTERNAL"
      },
      "title": "Unsafe Reflection in base Component class in yiisoft/yii2"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntr_ai",
    "cveId": "CVE-2024-4990",
    "datePublished": "2025-03-20T10:11:14.988Z",
    "dateReserved": "2024-05-16T09:00:39.505Z",
    "dateUpdated": "2025-03-20T13:31:05.950Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-1574 (GCVE-0-2024-1574)

Vulnerability from cvelistv5 – Published: 2024-07-04 09:02 – Updated: 2026-04-08 13:31
VLAI
Summary
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in the licensing feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric AnalytiX versions 10.97.2 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric BizViz versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior, and Mitsubishi Electric Iconics Digital Solutions BizViz versions 9.7 and prior allows a local attacker to execute a malicious code with administrative privileges by tampering with a specific file that is not protected by the system.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-470 - Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Assigner
Impacted products
Vendor Product Version
Mitsubishi Electric Iconics Digital Solutions GENESIS64 Affected: versions 10.97.2 and prior
Create a notification for this product.
Mitsubishi Electric Corporation GENESIS64 Affected: versions 10.97.2 and prior
Create a notification for this product.
Mitsubishi Electric Iconics Digital Solutions ICONICS Suite Affected: versions 10.97.2 and prior
Create a notification for this product.
Mitsubishi Electric Corporation ICONICS Suite Affected: versions 10.97.2 and prior
Create a notification for this product.
Mitsubishi Electric Iconics Digital Solutions Hyper Historian Affected: versions 10.97.2 and prior
Create a notification for this product.
Mitsubishi Electric Corporation Hyper Historian Affected: versions 10.97.2 and prior
Create a notification for this product.
Mitsubishi Electric Iconics Digital Solutions AnalytiX Affected: versions 10.97.2 and prior
Create a notification for this product.
Mitsubishi Electric Corporation AnalytiX Affected: versions 10.97.2 and prior
Create a notification for this product.
Mitsubishi Electric Iconics Digital Solutions MobileHMI Affected: versions 10.97.2 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MobileHMI Affected: versions 10.97.2 and prior
Create a notification for this product.
Mitsubishi Electric Iconics Digital Solutions GENESIS32 Affected: versions 9.7 and prior
Create a notification for this product.
Mitsubishi Electric Corporation GENESIS32 Affected: versions 9.7 and prior
Create a notification for this product.
Mitsubishi Electric Iconics Digital Solutions BizViz Affected: versions 9.7 and prior
Create a notification for this product.
Mitsubishi Electric Corporation BizViz Affected: versions 9.7 and prior
Create a notification for this product.
Mitsubishi Electric Corporation MC Works64 Affected: all versions
Create a notification for this product.
iconics genesis64 Affected: 10.97 , < 10.97.92 (custom)
    cpe:2.3:a:iconics:genesis64:10.97:*:*:*:*:*:*:*
Create a notification for this product.
mitsubishielectric mc_works64 Affected: 0 , ≤ * (custom)
    cpe:2.3:a:mitsubishielectric:mc_works64:-:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:iconics:genesis64:10.97:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "genesis64",
            "vendor": "iconics",
            "versions": [
              {
                "lessThan": "10.97.92",
                "status": "affected",
                "version": "10.97",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:mitsubishielectric:mc_works64:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "mc_works64",
            "vendor": "mitsubishielectric",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-1574",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-05T14:44:19.238774Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T14:45:36.502Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:40:21.447Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-004_en.pdf"
          },
          {
            "tags": [
              "government-resource",
              "x_transferred"
            ],
            "url": "https://jvn.jp/vu/JVNVU98894016/"
          },
          {
            "tags": [
              "government-resource",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "GENESIS64",
          "vendor": "Mitsubishi Electric Iconics Digital Solutions",
          "versions": [
            {
              "status": "affected",
              "version": "versions 10.97.2 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "GENESIS64",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "versions 10.97.2 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ICONICS Suite",
          "vendor": "Mitsubishi Electric Iconics Digital Solutions",
          "versions": [
            {
              "status": "affected",
              "version": "versions 10.97.2 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ICONICS Suite",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "versions 10.97.2 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Hyper Historian",
          "vendor": "Mitsubishi Electric Iconics Digital Solutions",
          "versions": [
            {
              "status": "affected",
              "version": "versions 10.97.2 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Hyper Historian",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "versions 10.97.2 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AnalytiX",
          "vendor": "Mitsubishi Electric Iconics Digital Solutions",
          "versions": [
            {
              "status": "affected",
              "version": "versions 10.97.2 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AnalytiX",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "versions 10.97.2 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MobileHMI",
          "vendor": "Mitsubishi Electric Iconics Digital Solutions",
          "versions": [
            {
              "status": "affected",
              "version": "versions 10.97.2 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MobileHMI",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "versions 10.97.2 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "GENESIS32",
          "vendor": "Mitsubishi Electric Iconics Digital Solutions",
          "versions": [
            {
              "status": "affected",
              "version": "versions 9.7 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "GENESIS32",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "versions 9.7 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "BizViz",
          "vendor": "Mitsubishi Electric Iconics Digital Solutions",
          "versions": [
            {
              "status": "affected",
              "version": "versions 9.7 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "BizViz",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "versions 9.7 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MC Works64",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in the licensing feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric AnalytiX versions 10.97.2 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric BizViz versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior, and Mitsubishi Electric Iconics Digital Solutions BizViz versions 9.7 and prior allows a local attacker to execute a malicious code with administrative privileges by tampering with a specific file that is not protected by the system.\u0026nbsp;\u003cbr\u003e"
            }
          ],
          "value": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in the licensing feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric AnalytiX versions 10.97.2 and prior, Mitsubishi Electric MobileHMI versions 10.97.2 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric BizViz versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.2 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior, and Mitsubishi Electric Iconics Digital Solutions BizViz versions 9.7 and prior allows a local attacker to execute a malicious code with administrative privileges by tampering with a specific file that is not protected by the system."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Malicious Code Execution"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-470",
              "description": "CWE-470 Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T13:31:05.753Z",
        "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "shortName": "Mitsubishi"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-004_en.pdf"
        },
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://jvn.jp/vu/JVNVU98894016/"
        },
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
    "assignerShortName": "Mitsubishi",
    "cveId": "CVE-2024-1574",
    "datePublished": "2024-07-04T09:02:35.260Z",
    "dateReserved": "2024-02-16T01:30:45.960Z",
    "dateUpdated": "2026-04-08T13:31:05.753Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-0200 (GCVE-0-2024-0200)

Vulnerability from cvelistv5 – Published: 2024-01-16 18:50 – Updated: 2024-08-01 17:41
VLAI
Title
Unsafe Reflection in Github Enterprise Server leading to Command Injection
Summary
An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the GHES instance with the organization owner role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.13, 3.9.8, 3.10.5, and 3.11.3. This vulnerability was reported via the GitHub Bug Bounty program.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-470 - Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Assigner
Impacted products
Vendor Product Version
GitHub Enterprise Server Affected: 3.8.0 , < 3.8.13 (semver)
Affected: 3.9.0 , < 3.9.8 (semver)
Affected: 3.10.0 , < 3.10.5 (semver)
Affected: 3.11.0 , < 3.11.3 (semver)
Create a notification for this product.
github enterprise_server Affected: 3.8.0
    cpe:2.3:a:github:enterprise_server:-:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Ngo Wei Lin of STAR Labs
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:github:enterprise_server:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "enterprise_server",
            "vendor": "github",
            "versions": [
              {
                "status": "affected",
                "version": "3.8.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-0200",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-22T16:25:02.384808Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:58:31.817Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T17:41:16.005Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Enterprise Server",
          "vendor": "GitHub",
          "versions": [
            {
              "lessThan": "3.8.13",
              "status": "affected",
              "version": "3.8.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.9.8",
              "status": "affected",
              "version": "3.9.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.10.5",
              "status": "affected",
              "version": "3.10.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.11.3",
              "status": "affected",
              "version": "3.11.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Ngo Wei Lin of STAR Labs"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability\u0026nbsp;could lead to the execution of user-controlled methods and remote code execution. To\u0026nbsp;exploit this bug, an actor would need to be logged into an account on the GHES instance with the organization owner role.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.13, 3.9.8, 3.10.5, and 3.11.3. This vulnerability was reported via the GitHub Bug Bounty program.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability\u00a0could lead to the execution of user-controlled methods and remote code execution. To\u00a0exploit this bug, an actor would need to be logged into an account on the GHES instance with the organization owner role.\u00a0This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.13, 3.9.8, 3.10.5, and 3.11.3. This vulnerability was reported via the GitHub Bug Bounty program.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-138",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-138 Reflection Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-470",
              "description": "CWE-470 Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-16T18:50:48.931Z",
        "orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
        "shortName": "GitHub_P"
      },
      "references": [
        {
          "url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13"
        },
        {
          "url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.8"
        },
        {
          "url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5"
        },
        {
          "url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Unsafe Reflection in Github Enterprise Server leading to Command Injection",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
    "assignerShortName": "GitHub_P",
    "cveId": "CVE-2024-0200",
    "datePublished": "2024-01-16T18:50:48.931Z",
    "dateReserved": "2024-01-02T19:47:57.924Z",
    "dateUpdated": "2024-08-01T17:41:16.005Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-32217 (GCVE-0-2023-32217)

Vulnerability from cvelistv5 – Published: 2023-05-31 00:00 – Updated: 2025-01-10 15:40
VLAI
Title
SailPoint IdentityIQ Unsafe use of Reflection Vulnerability
Summary
IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow an authenticated user to invoke a Java constructor with no arguments or a Java constructor with a single Map argument in any Java class available in the IdentityIQ application classpath.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-470 - Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Assigner
Impacted products
Vendor Product Version
SailPoint IdentityIQ Affected: 8.3 , ≤ 8.3p2 (semver)
Affected: 8.2 , ≤ 8.2p5 (semver)
Affected: 8.1 , ≤ 8.1p6 (semver)
Affected: 8.0 , ≤ 8.0p5 (semver)
Create a notification for this product.
Credits
Recurity Labs GmbH
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:10:23.943Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.sailpoint.com/security-advisories/sailpoint-identityiq-unsafe-use-of-reflection-vulnerability-cve-2023-32217/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-32217",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-10T15:40:05.443644Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-10T15:40:35.132Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "IdentityIQ",
          "vendor": "SailPoint",
          "versions": [
            {
              "lessThanOrEqual": "8.3p2",
              "status": "affected",
              "version": "8.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.2p5",
              "status": "affected",
              "version": "8.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.1p6",
              "status": "affected",
              "version": "8.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.0p5",
              "status": "affected",
              "version": "8.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Recurity Labs GmbH"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6\u0026nbsp;allow an authenticated user to invoke a Java constructor with no arguments or a Java constructor with a single Map argument in any Java class available in the IdentityIQ application classpath.\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6\u00a0allow an authenticated user to invoke a Java constructor with no arguments or a Java constructor with a single Map argument in any Java class available in the IdentityIQ application classpath."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-138",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-138 Reflection Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-470",
              "description": "CWE-470 Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-05T03:55:37.447Z",
        "orgId": "2cfc7547-56a0-4049-8b52-c3078e8a8719",
        "shortName": "SailPoint"
      },
      "references": [
        {
          "url": "https://www.sailpoint.com/security-advisories/sailpoint-identityiq-unsafe-use-of-reflection-vulnerability-cve-2023-32217/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "SailPoint IdentityIQ Unsafe use of Reflection Vulnerability",
      "x_generator": {
        "engine": "SecretariatVulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7547-56a0-4049-8b52-c3078e8a8719",
    "assignerShortName": "SailPoint",
    "cveId": "CVE-2023-32217",
    "datePublished": "2023-05-31T00:00:00.000Z",
    "dateReserved": "2023-05-04T20:01:49.973Z",
    "dateUpdated": "2025-01-10T15:40:35.132Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-6943 (GCVE-0-2023-6943)

Vulnerability from cvelistv5 – Published: 2024-01-30 09:09 – Updated: 2025-09-19 02:13
VLAI
Summary
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 to 5.92, GT Designer3 Version1(GOT1000) versions 1.325P and prior, GT Designer3 Version1(GOT2000) versions 1.320J and prior, GX Works2 versions 1.11M to 1.626C, GX Works3 versions 1.106L and prior, MELSOFT Navigator versions 1.04E to 2.102G, MT Works2 versions 1.190Y and prior, MX Component versions 4.00A to 5.007H and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to execute a malicious code by RPC with a path to a malicious library while connected to the products.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-470 - Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Assigner
References
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:42:08.552Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-020_en.pdf"
          },
          {
            "tags": [
              "government-resource",
              "x_transferred"
            ],
            "url": "https://jvn.jp/vu/JVNVU95103362"
          },
          {
            "tags": [
              "government-resource",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-02"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-6943",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-06T05:00:32.912521Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-30T19:01:43.512Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "EZSocket",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "3.0 to 5.92"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "GT Designer3 Version1(GOT1000)",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "1.325P and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "GT Designer3 Version1(GOT2000)",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "1.320J and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "GX Works2",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "1.11M to 1.626C"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "GX Works3",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "1.106L and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSOFT Navigator",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "1.04E to 2.102G"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MT Works2",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "1.190Y and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MX Component",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "4.00A to 5.007H"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MX OPC Server DA/UA",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 to 5.92, GT Designer3 Version1(GOT1000) versions 1.325P and prior, GT Designer3 Version1(GOT2000) versions 1.320J and prior, GX Works2 versions 1.11M to 1.626C, GX Works3 versions 1.106L and prior, MELSOFT Navigator versions 1.04E to 2.102G, MT Works2 versions 1.190Y and prior, MX Component versions 4.00A to 5.007H and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to execute a malicious code by RPC with a path to a malicious library while connected to the products."
            }
          ],
          "value": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 to 5.92, GT Designer3 Version1(GOT1000) versions 1.325P and prior, GT Designer3 Version1(GOT2000) versions 1.320J and prior, GX Works2 versions 1.11M to 1.626C, GX Works3 versions 1.106L and prior, MELSOFT Navigator versions 1.04E to 2.102G, MT Works2 versions 1.190Y and prior, MX Component versions 4.00A to 5.007H and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to execute a malicious code by RPC with a path to a malicious library while connected to the products."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Remote Code Execution"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-470",
              "description": "CWE-470 Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-19T02:13:47.115Z",
        "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "shortName": "Mitsubishi"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-020_en.pdf"
        },
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://jvn.jp/vu/JVNVU95103362"
        },
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-02"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
    "assignerShortName": "Mitsubishi",
    "cveId": "CVE-2023-6943",
    "datePublished": "2024-01-30T09:09:29.248Z",
    "dateReserved": "2023-12-19T08:00:07.140Z",
    "dateUpdated": "2025-09-19T02:13:47.115Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-0460 (GCVE-0-2023-0460)

Vulnerability from cvelistv5 – Published: 2023-03-01 16:50 – Updated: 2025-03-07 21:33
VLAI
Title
Remote code execution in YouTube Android Player API SDK
Summary
The YouTube Embedded 1.2 SDK binds to a service within the YouTube Main App. After binding, a remote context is created with the flags Context.CONTEXT_INCLUDE_CODE | Context.CONTEXT_IGNORE_SECURITY. This allows the client app to remotely load code from YouTube Main App by retrieving the Main App’s ClassLoader. A potential vulnerability in the binding logic used by the client SDK where the SDK ends up calling bindService() on a malicious app rather than YT Main App. This creates a vulnerability where the SDK can load the malicious app’s ClassLoader instead, allowing the malicious app to load arbitrary code into the calling app whenever the embedded SDK is invoked. In order to trigger this vulnerability, an attacker must masquerade the Youtube app and install it on a device, have a second app that uses the Embedded player and typically distribute both to the victim outside of the Play Store.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-470 - Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Assigner
Impacted products
Vendor Product Version
Google YouTube Android Player API SDK Affected: 1.2 , ≤ 1.2.2 (custom)
Create a notification for this product.
Date Public
2023-03-01 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:10:56.319Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://developers.google.com/youtube/android/player/downloads"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-0460",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-07T21:32:45.249893Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-07T21:33:17.205Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "YouTube Android Player API SDK",
          "vendor": "Google",
          "versions": [
            {
              "lessThanOrEqual": "1.2.2",
              "status": "affected",
              "version": "1.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-03-01T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The YouTube Embedded 1.2 SDK binds to a service within the YouTube Main App. After binding, a remote context is created with the flags Context.CONTEXT_INCLUDE_CODE | Context.CONTEXT_IGNORE_SECURITY. This allows the client app to remotely load code from YouTube Main App by retrieving the Main App\u2019s ClassLoader. A\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;potential vulnerability in the binding logic used by the client SDK where the SDK ends up calling \u003c/span\u003e\u003ccode\u003ebindService()\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;on a malicious app rather than YT Main App. This creates a vulnerability where the SDK can load the malicious app\u2019s ClassLoader instead, allowing the malicious app to load arbitrary code into the calling app whenever the embedded SDK is invoked.\u003cbr\u003e\u003cbr\u003e\u003c/span\u003eIn order to trigger this vulnerability, an attacker must masquerade the Youtube app and install it on a device, have a second app that uses the Embedded player and typically distribute both to the victim outside of the Play Store."
            }
          ],
          "value": "The YouTube Embedded 1.2 SDK binds to a service within the YouTube Main App. After binding, a remote context is created with the flags Context.CONTEXT_INCLUDE_CODE | Context.CONTEXT_IGNORE_SECURITY. This allows the client app to remotely load code from YouTube Main App by retrieving the Main App\u2019s ClassLoader. A\u00a0potential vulnerability in the binding logic used by the client SDK where the SDK ends up calling bindService()\u00a0on a malicious app rather than YT Main App. This creates a vulnerability where the SDK can load the malicious app\u2019s ClassLoader instead, allowing the malicious app to load arbitrary code into the calling app whenever the embedded SDK is invoked.\n\nIn order to trigger this vulnerability, an attacker must masquerade the Youtube app and install it on a device, have a second app that uses the Embedded player and typically distribute both to the victim outside of the Play Store."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-253",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-253 Remote Code Inclusion"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-470",
              "description": "CWE-470 Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-01T16:50:12.807Z",
        "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "shortName": "Google"
      },
      "references": [
        {
          "url": "https://developers.google.com/youtube/android/player/downloads"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Remote code execution in YouTube Android Player API SDK",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
    "assignerShortName": "Google",
    "cveId": "CVE-2023-0460",
    "datePublished": "2023-03-01T16:50:12.807Z",
    "dateReserved": "2023-01-24T09:44:52.484Z",
    "dateUpdated": "2025-03-07T21:33:17.205Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Architecture and Design

Refactor your code to avoid using reflection.

Mitigation
Architecture and Design

Do not use user-controlled inputs to select and load classes or code.

Mitigation
Implementation

Apply strict input validation by using allowlists or indirect selection to ensure that the user is only selecting allowable classes or code.

CAPEC-138: Reflection Injection

An adversary supplies a value to the target application which is then used by reflection methods to identify a class, method, or field. For example, in the Java programming language the reflection libraries permit an application to inspect, load, and invoke classes and their components by name. If an adversary can control the input into these methods including the name of the class/method/field or the parameters passed to methods, they can cause the targeted application to invoke incorrect methods, read random fields, or even to load and utilize malicious classes that the adversary created. This can lead to the application revealing sensitive information, returning incorrect results, or even having the adversary take control of the targeted application.