CVE-2017-7536: Use of Externally-Controlled Input to Select Classes or Code (Unsafe Reflection)

January 10, 2018 (updated October 3, 2019)

An attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue().

References

www.securityfocus.com/bid/101048
www.securitytracker.com/id/1039744
bugzilla.redhat.com/show_bug.cgi?id=1465573
nvd.nist.gov/vuln/detail/CVE-2017-7536

Code Behaviors & Features

Detect and mitigate CVE-2017-7536 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →