Description
Jinjava before 2.4.6 does not block the getClass method, related to com/hubspot/jinjava/el/ext/JinjavaBeanELResolver.java.
Remediation
References
https://github.com/HubSpot/jinjava/pull/230
https://github.com/HubSpot/jinjava/blob/master/CHANGES.md