cvedb.io
CVE-2022-42920
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2022-11-07T13:15:10.270 · Last modified 2026-06-17T05:05:35.453

Summary

Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected. Update to Apache Commons BCEL 6.6.0.

Affected products

apache — commons_bcel

Does this affect you?

Add your gear to cvedb and we'll alert you only when apache ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.