{"id":"CVE-2021-28167","details":"In Eclipse Openj9 to version 0.25.0, usage of the jdk.internal.reflect.ConstantPool API causes the JVM in some cases to pre-resolve certain constant pool entries. This allows a user to call static methods or access static members without running the class initialization method, and may allow a user to observe uninitialized values.","modified":"2026-03-14T10:50:23.850948Z","published":"2021-04-21T18:15:08.793Z","references":[{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20240621-0006/"},{"type":"FIX","url":"https://github.com/eclipse/openj9/issues/12016"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/eclipse/openj9","events":[{"introduced":"0"},{"last_affected":"022d65424fab41e054ae9834822414cc5334f5bc"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.25.0"}]}}],"versions":["openj9-0.0","openj9-0.0M1","openj9-0.0RC2","openj9-0.10.0-rc1","openj9-0.11.0","openj9-0.11.0-rc1","openj9-0.11.0-rc2","openj9-0.12.0-m1","openj9-0.12.0-m2","openj9-0.12.0-rc1","openj9-0.16.0-m1","openj9-0.17.0-m1","openj9-0.18.0-m1","openj9-0.19.0-m1","openj9-0.20.0-m1","openj9-0.21.0-m1","openj9-0.22.0-m1","openj9-0.23.0-m1","openj9-0.24.0-m1","openj9-0.25.0","openj9-0.25.0-m1","openj9-0.25.0-m2","openj9-0.25.0-m3","openj9-0.8.0","openj9-0.8.0-rc1","openj9-0.8.0-rc2","openj9-0.9.0-rc1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-28167.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}]}