Ted Yu created FLINK-6421:
-----------------------------

Summary: Unchecked reflection calls in PojoSerializer
Key: FLINK-6421
URL: https://issues.apache.org/jira/browse/FLINK-6421
Project: Flink
Issue Type: Bug
Reporter: Ted Yu
Priority: Minor

Here is one example:

{code}
String subclassName = source.readUTF();
try {
    actualSubclass = Class.forName(subclassName, true, cl);
{code}

subclassName may carry a tainted value, allowing an attacker to bypass security checks, obtain unauthorized data, or execute arbitrary code.

--
This message was sent by Atlassian JIRA (v6.3.15#6346)
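
One way to check a class name read from serialized input before it reaches reflection, as an added example (not Flink's code and not the fix applied to PojoSerializer). The class `CheckedSubclassLookup`, the method `resolve`, the allowlist and the sample class names are assumptions made for illustration.

```java
import java.io.*;
import java.util.*;

public class CheckedSubclassLookup {

    /** Resolves a class name taken from untrusted input against an explicit allowlist. */
    static Class<?> resolve(String name, Class<?> base, Set<String> allowed, ClassLoader cl)
            throws IOException {
        // 1. Only names the job registered up front may be loaded at all.
        if (!allowed.contains(name)) {
            throw new InvalidClassException(name, "class name not in allowlist");
        }
        final Class<?> c;
        try {
            // 2. initialize=false: no static initializer runs before the type check.
            c = Class.forName(name, false, cl);
        } catch (ClassNotFoundException e) {
            throw new InvalidClassException(name, "class not found");
        }
        // 3. The loaded class must be a subtype of the type being deserialized.
        if (!base.isAssignableFrom(c)) {
            throw new InvalidClassException(name, "not a subtype of " + base.getName());
        }
        return c;
    }

    public static void main(String[] args) throws IOException {
        // Constructed input: three class names written the way readUTF() expects them.
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(buf);
        out.writeUTF("java.util.ArrayList");      // registered and a List
        out.writeUTF("java.lang.String");         // registered by mistake, not a List
        out.writeUTF("com.example.Unregistered"); // never registered
        DataInputStream source = new DataInputStream(new ByteArrayInputStream(buf.toByteArray()));

        Set<String> allowed = new HashSet<>(Arrays.asList("java.util.ArrayList", "java.lang.String"));
        ClassLoader cl = CheckedSubclassLookup.class.getClassLoader();
        for (int i = 0; i < 3; i++) {
            String subclassName = source.readUTF();
            try {
                Class<?> actualSubclass = resolve(subclassName, List.class, allowed, cl);
                System.out.println("accepted " + actualSubclass.getName());
            } catch (InvalidClassException e) {
                System.out.println("rejected " + e.getMessage());
            }
        }
    }
}
```

The allowlist lookup happens before `Class.forName`, so an unregistered name never triggers class loading, and the subtype check catches a registered name that does not fit the expected type.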