CVE-2022-44262: Improper Control of Dynamically-Managed Code Resources

December 1, 2022 (updated December 2, 2022)

ff4j 1.8.11 is vulnerable to Remote Code Execution (RCE) by allowing constructors of objects be called with arbitrary values.

References

github.com/ff4j/ff4j/issues/624
nvd.nist.gov/vuln/detail/CVE-2022-44262

Detect and mitigate CVE-2022-44262 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →