CVE-2014-0094: Incomplete fix for ClassLoader manipulation via ParametersInterceptor

March 11, 2014 (updated August 12, 2019)

The ParametersInterceptor in this package allows remote attackers to manipulate the ClassLoader via the class parameter, which is passed to the getClass method.

References

packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html
struts.apache.org/docs/s2-021.html
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0094
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0113

Code Behaviors & Features

Detect and mitigate CVE-2014-0094 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →