CVE-2010-1622: Remote classloader modification

June 21, 2010 (updated December 6, 2016)

This package allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs[0]=jar: followed by a URL of a crafted .jar file.

References

support.springsource.com/security/cve-2010-1622
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1622

Detect and mitigate CVE-2010-1622 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →