Details
- Bug
- Status: Resolved
- Minor
- Resolution: Not A Problem
Description
Here is one example:
String subclassName = source.readUTF();
try {
    actualSubclass = Class.forName(subclassName, true, cl);
subclassName may carry a tainted value, allowing an attacker to bypass security checks, obtain unauthorized data, or execute arbitrary code.
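An added example, not part of the original report and not the project's code: one way to constrain a class name read from a stream before it reaches Class.forName. The class CheckedClassResolver, the method readSubclass, the allowlist contents and the sample inputs are all assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.util.Set;

public class CheckedClassResolver {
    // Hypothetical allowlist: the only class names this reader will resolve.
    private static final Set<String> ALLOWED = Set.of(
            "java.lang.Integer", "java.lang.Long", "java.lang.String");

    /** Reads a class name and resolves it only if allowlisted and a subtype of expectedBase. */
    static <T> Class<? extends T> readSubclass(DataInputStream source, Class<T> expectedBase,
                                               ClassLoader cl)
            throws IOException, ClassNotFoundException {
        String subclassName = source.readUTF();
        // Reject before any class loading happens.
        if (!ALLOWED.contains(subclassName)) {
            throw new InvalidClassException(subclassName, "class name not in allowlist");
        }
        // initialize=false: static initializers do not run before the type check below.
        Class<?> loaded = Class.forName(subclassName, false, cl);
        if (!expectedBase.isAssignableFrom(loaded)) {
            throw new InvalidClassException(subclassName,
                    "not a subtype of " + expectedBase.getName());
        }
        return loaded.asSubclass(expectedBase);
    }

    // Builds a stream holding one writeUTF-encoded name (constructed sample input).
    private static DataInputStream streamWith(String name) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        new DataOutputStream(buf).writeUTF(name);
        return new DataInputStream(new ByteArrayInputStream(buf.toByteArray()));
    }

    public static void main(String[] args) throws Exception {
        ClassLoader cl = CheckedClassResolver.class.getClassLoader();
        // Constructed names: allowlisted subtype, allowlisted non-subtype, not allowlisted.
        for (String name : new String[] {"java.lang.Integer", "java.lang.String", "java.lang.Runtime"}) {
            try {
                System.out.println("accepted " + readSubclass(streamWith(name), Number.class, cl).getName());
            } catch (InvalidClassException e) {
                System.out.println("rejected " + e.getMessage());
            }
        }
    }
}
```

Whether such a check is warranted depends on whether the stream can be written by an untrusted party, which the report does not state.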