CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
15.5%
Objenesis is a small Java library that serves one purpose: to instantiate a new object of a particular class. Java supports dynamic instantiation of classes using Class.newInstance(); however, this only works if the class has an appropriate constructor. There are many times when a class cannot be instantiated this way, such as when the class contains constructors that require arguments, that have side effect s, and/or that throw exceptions. As a result, it is common to see restrictions in libraries stating that classes must require a default constructor. Objenesis aims to overcome these restrictions by bypassing the constructor on object instantiation. Needing to instantiate an object without calling the constructor is a fairly specialized task, however there are certain cases when this is useful: * Serialization, Remoting and Persistence - Objects need to be instantiated and restored to a specific state, without invoking code. * Proxies, AOP Libraries and Mock Objects - Classes can be sub-classed without needing to worry about the super() constructor. * Container Frameworks - Objects can be dynamically instantiated in non-standard ways.
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
15.5%