No security checking for UnsafeAccess.getInstance() in UnsafeAccessor

Main / No security checking for UnsafeAccess.getInstance() in UnsafeAccessor

Discription

### Overview

Affected versions have no limit to using unsafe-accessor. Can be ignored if `SecurityCheck.AccessLimiter` not setup

### Details

If UA was loaded as a named module, the internal data of UA will be protected by JVM and others can only access UA via UA’s standard api.
Main application can setup `SecurityCheck.AccessLimiter` for UA to limit accesses to UA.
Untrusted code can access UA without lmitation in affected versions even UA was loaded as a named module.

### References

[The commit to fix](https://github.com/Karlatemp/UnsafeAccessor/commit/4ef83000184e8f13239a1ea2847ee401d81585fd)Read More

References

Back to Main

Subscribe for the latest news: