What the vulnerability does

01Description

In Eclipse Openj9 to version 0.25.0, usage of the jdk.internal.reflect.ConstantPool API causes the JVM in some cases to pre-resolve certain constant pool entries. This allows a user to call static methods or access static members without running the class initialization method, and may allow a user to observe uninitialized values.

Key dates

02Disclosure timeline

April 21, 2021 CVE published
August 3, 2024 Record updated