Fix ClassLoader Security Vulnerability

Open simei2k opened this issue 7 months ago • 0 comments

Description

This PR addresses a security vulnerability in the getClassLoader() method where accessing the thread's context class loader could fail under a SecurityManager with restricted thread permissions.

Security Issues Fixed

  1. Missing Security Checks: Added proper privilege management when accessing the thread's context class loader.

This vulnerability was also found in smallrye/smallrye-config@fb0def6 and fixed.

References:

  1. smallrye/smallrye-config@fb0def6
  2. https://nvd.nist.gov/vuln/detail/cve-2020-1729

simei2k, May 18 '25 05:05
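
The kind of privilege handling the description refers to, as an added Java example. It is not code from this PR or from smallrye-config, and the class and method names (`ClassLoaderAccess`, `unguarded`, `contextOrFallback`) are hypothetical. It shows an unguarded lookup beside a form that wraps the lookup in `doPrivileged` only when a SecurityManager is installed.

```java
import java.security.AccessController;
import java.security.PrivilegedAction;

// Added example: hypothetical names, not the project's own code.
final class ClassLoaderAccess {

    private ClassLoaderAccess() {
    }

    // Unguarded form: under a SecurityManager this can throw SecurityException
    // when a caller on the stack lacks RuntimePermission("getClassLoader").
    static ClassLoader unguarded() {
        return Thread.currentThread().getContextClassLoader();
    }

    // Guarded form. Kept package-private on purpose: a public method that
    // returns a class loader from inside doPrivileged would hand it to any
    // caller without that caller's permissions being checked.
    @SuppressWarnings("removal") // SecurityManager APIs are deprecated for removal on newer JDKs
    static ClassLoader contextOrFallback(Class<?> fallbackOwner) {
        if (System.getSecurityManager() == null) {
            // No SecurityManager installed: no privileged block needed.
            return pick(Thread.currentThread().getContextClassLoader(), fallbackOwner);
        }
        // Only this library's own protection domain is consulted for the lookup.
        return AccessController.doPrivileged((PrivilegedAction<ClassLoader>) () ->
                pick(Thread.currentThread().getContextClassLoader(), fallbackOwner));
    }

    // The context class loader may be null; fall back to the owner's loader,
    // then to the system class loader.
    private static ClassLoader pick(ClassLoader tccl, Class<?> fallbackOwner) {
        if (tccl != null) {
            return tccl;
        }
        ClassLoader own = fallbackOwner.getClassLoader();
        return own != null ? own : ClassLoader.getSystemClassLoader();
    }

    public static void main(String[] args) {
        // Exercise the null-context-loader path as well as the normal one.
        System.out.println("context: " + contextOrFallback(ClassLoaderAccess.class));
        Thread.currentThread().setContextClassLoader(null);
        System.out.println("fallback: " + contextOrFallback(ClassLoaderAccess.class));
    }
}
```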