VYPR
Unrated severityNVD Advisory· Published Apr 21, 2021· Updated Aug 3, 2024

CVE-2021-28167

CVE-2021-28167

Description

In Eclipse Openj9 to version 0.25.0, usage of the jdk.internal.reflect.ConstantPool API causes the JVM in some cases to pre-resolve certain constant pool entries. This allows a user to call static methods or access static members without running the class initialization method, and may allow a user to observe uninitialized values.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Eclipse/Openj9llm-fuzzy
    Range: <=0.25.0
  • The Eclipse Foundation/Eclipse OpenJ9v5
    Range: unspecified

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.