CVE-2014-0094: Incomplete fix for ClassLoader manipulation via ParametersInterceptor
(updated )
The ParametersInterceptor
in this package allows remote attackers to manipulate
the ClassLoader
via the class parameter, which is passed to the getClass method.
References
Detect and mitigate CVE-2014-0094 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →