CWE-470
AllowedUse of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Abstraction: Base · Status: Draft
The product uses external input with reflection to select which classes or code to use, but it does not sufficiently prevent the input from selecting improper classes or code.
113 vulnerabilities reference this CWE, most recent first.
GHSA-X746-7M8F-X49C
Vulnerability from github – Published: 2026-06-15 20:16 – Updated: 2026-07-09 21:05Summary
When dispatching a request, HTTPEndpoint selects the handler by lowercasing the HTTP method and looking it up as an attribute with getattr, without restricting the lookup to a known set of HTTP verbs.
When an HTTPEndpoint subclass is registered through Route(...) without an explicit methods= argument, the route does not constrain the method and every method reaches the endpoint. If a non-standard HTTP method whose lowercased name matches an attribute on the endpoint subclass reaches the endpoint, that attribute is invoked as if it were a request handler. An attacker can use this to reach methods that were never meant to be HTTP handlers, such as internal helpers, without the authorization checks applied by the intended public handler.
Details
HTTPEndpoint uses the client-supplied method name to resolve an instance attribute, without validating it against the set of HTTP verbs the endpoint supports. A method such as _DO_DELETE therefore resolves an attribute like _do_delete and invokes it. Non-standard methods are valid RFC 9110 token methods, so an endpoint must not treat the method name as a trusted attribute selector.
Impact
An application is affected when all of the following hold:
- It defines an
HTTPEndpointsubclass and registers it viaRoute(...)without an explicitmethods=argument. - The subclass defines additional methods whose names match a non-standard HTTP-method token shape and that accept a single
requestargument and return a response.
This also affects frameworks built on Starlette, like FastAPI.
Mitigation
Register HTTPEndpoint subclasses with an explicit methods= argument on the Route, listing only the HTTP verbs the endpoint supports. The route then rejects any other method with 405 Method Not Allowed before it reaches the endpoint, so non-standard methods cannot resolve an attribute.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "starlette"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.1.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-48817"
],
"database_specific": {
"cwe_ids": [
"CWE-470"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-15T20:16:05Z",
"nvd_published_at": "2026-06-17T20:17:22Z",
"severity": "MODERATE"
},
"details": "### Summary\n\nWhen dispatching a request, `HTTPEndpoint` selects the handler by lowercasing the HTTP method and looking it up as an attribute with `getattr`, without restricting the lookup to a known set of HTTP verbs.\n\nWhen an `HTTPEndpoint` subclass is registered through `Route(...)` without an explicit `methods=` argument, the route does not constrain the method and every method reaches the endpoint. If a non-standard HTTP method whose lowercased name matches an attribute on the endpoint subclass reaches the endpoint, that attribute is invoked as if it were a request handler. An attacker can use this to reach methods that were never meant to be HTTP handlers, such as internal helpers, without the authorization checks applied by the intended public handler.\n\n### Details\n\n`HTTPEndpoint` uses the client-supplied method name to resolve an instance attribute, without validating it against the set of HTTP verbs the endpoint supports. A method such as `_DO_DELETE` therefore resolves an attribute like `_do_delete` and invokes it. Non-standard methods are valid [RFC 9110](https://www.rfc-editor.org/rfc/rfc9110#name-method) token methods, so an endpoint must not treat the method name as a trusted attribute selector.\n\n### Impact\n\nAn application is affected when all of the following hold:\n\n* It defines an `HTTPEndpoint` subclass and registers it via `Route(...)` without an explicit `methods=` argument.\n* The subclass defines additional methods whose names match a non-standard HTTP-method token shape and that accept a single `request` argument and return a response.\n\nThis also affects frameworks built on Starlette, like FastAPI.\n\n### Mitigation\n\nRegister `HTTPEndpoint` subclasses with an explicit `methods=` argument on the `Route`, listing only the HTTP verbs the endpoint supports. The route then rejects any other method with `405 Method Not Allowed` before it reaches the endpoint, so non-standard methods cannot resolve an attribute.",
"id": "GHSA-x746-7m8f-x49c",
"modified": "2026-07-09T21:05:46Z",
"published": "2026-06-15T20:16:05Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/Kludex/starlette/security/advisories/GHSA-x746-7m8f-x49c"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48817"
},
{
"type": "PACKAGE",
"url": "https://github.com/Kludex/starlette"
},
{
"type": "WEB",
"url": "https://github.com/Kludex/starlette/releases/tag/1.1.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Starlette: Arbitrary HTTP method dispatched to `HTTPEndpoint` attributes via `getattr`"
}
GHSA-X74X-QF5J-35JH
Vulnerability from github – Published: 2022-05-13 01:15 – Updated: 2022-06-01 19:41A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.jenkins-ci.plugins.workflow:workflow-cps"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.65"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-1003041"
],
"database_specific": {
"cwe_ids": [
"CWE-470"
],
"github_reviewed": true,
"github_reviewed_at": "2022-06-01T19:41:15Z",
"nvd_published_at": "2019-03-28T18:29:00Z",
"severity": "CRITICAL"
},
"details": "A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts.",
"id": "GHSA-x74x-qf5j-35jh",
"modified": "2022-06-01T19:41:15Z",
"published": "2022-05-13T01:15:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1003041"
},
{
"type": "WEB",
"url": "https://github.com/jenkinsci/workflow-cps-plugin/commit/2e5a67fde9baf25315fe692161b4e90d401da86c"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:1423"
},
{
"type": "PACKAGE",
"url": "https://github.com/jenkinsci/workflow-cps-plugin"
},
{
"type": "WEB",
"url": "https://jenkins.io/security/advisory/2019-03-25/#SECURITY-1353"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2019/03/28/2"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/107628"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin"
}
GHSA-XXGP-PCFC-3VGC
Vulnerability from github – Published: 2020-06-15 19:57 – Updated: 2022-07-20 14:21In Hibernate Validator 5.2.x before 5.2.5.Final, 5.3.x before 5.3.6.Final, and 5.4.x before 5.4.2.Final, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue().
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 5.2.4.Final"
},
"package": {
"ecosystem": "Maven",
"name": "org.hibernate:hibernate-validator"
},
"ranges": [
{
"events": [
{
"introduced": "5.2.0"
},
{
"fixed": "5.2.5.Final"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 5.3.5.Final"
},
"package": {
"ecosystem": "Maven",
"name": "org.hibernate:hibernate-validator"
},
"ranges": [
{
"events": [
{
"introduced": "5.3.0"
},
{
"fixed": "5.3.6.Final"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 5.4.1.Final"
},
"package": {
"ecosystem": "Maven",
"name": "org.hibernate:hibernate-validator"
},
"ranges": [
{
"events": [
{
"introduced": "5.4.0"
},
{
"fixed": "5.4.2.Final"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2017-7536"
],
"database_specific": {
"cwe_ids": [
"CWE-470"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-11T18:50:29Z",
"nvd_published_at": "2018-01-10T15:29:00Z",
"severity": "HIGH"
},
"details": "In Hibernate Validator 5.2.x before 5.2.5.Final, 5.3.x before 5.3.6.Final, and 5.4.x before 5.4.2.Final, it was found that when the security manager\u0027s reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue().",
"id": "GHSA-xxgp-pcfc-3vgc",
"modified": "2022-07-20T14:21:17Z",
"published": "2020-06-15T19:57:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7536"
},
{
"type": "WEB",
"url": "https://github.com/hibernate/hibernate-validator/commit/0886e89900d343ea20fde5137c9a3086e6da9ac"
},
{
"type": "WEB",
"url": "https://github.com/hibernate/hibernate-validator/commit/0778a5c98b817771a645c6f4ba0b28dd8b5437b"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E"
},
{
"type": "PACKAGE",
"url": "https://github.com/hibernate/hibernate-validator"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1465573"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3817"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2927"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2743"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2742"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2741"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2740"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:3458"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:3456"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:3455"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:3454"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:3141"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2811"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2810"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2809"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2808"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/101048"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039744"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Privilege Escalation in Hibernate Validator"
}
Mitigation
Refactor your code to avoid using reflection.
Mitigation
Do not use user-controlled inputs to select and load classes or code.
Mitigation
Apply strict input validation by using allowlists or indirect selection to ensure that the user is only selecting allowable classes or code.
CAPEC-138: Reflection Injection
An adversary supplies a value to the target application which is then used by reflection methods to identify a class, method, or field. For example, in the Java programming language the reflection libraries permit an application to inspect, load, and invoke classes and their components by name. If an adversary can control the input into these methods including the name of the class/method/field or the parameters passed to methods, they can cause the targeted application to invoke incorrect methods, read random fields, or even to load and utilize malicious classes that the adversary created. This can lead to the application revealing sensitive information, returning incorrect results, or even having the adversary take control of the targeted application.