Unknown · Unsafeaccessor · CVE-2022-31139
**Name of the Vulnerable Software and Affected Versions**
UnsafeAccessor versions 1.4.0 through 1.6.x
**Description**
UnsafeAccessor (UA) is a bridge for accessing `jdk.internal.misc.Unsafe` and `sun.misc.Unsafe`. Normally, when UA is loaded as a named module, its internal data is protected by the JVM, and other code can reach UA only through its standard API. The main application can set up `SecurityCheck.AccessLimiter` to limit access to UA. In affected versions, however, once `SecurityCheck.AccessLimiter` is set up, untrusted code can access UA without limitation, even when UA is loaded as a named module. Applications that do not set up `SecurityCheck.AccessLimiter` are not affected.
**Recommendations**
For versions 1.4.0 through 1.6.x, update to version 1.7.0 to resolve the issue.
As a temporary workaround, consider not setting up `SecurityCheck.AccessLimiter` for UA until a patch is applied.
Restrict access to UA to minimize the risk of exploitation.
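
To find builds that still need the update, the affected range above can be checked against a dependency listing. The following is an added example, not code from the UnsafeAccessor project; the artifact-name match, the group ids and the sample lines are assumptions constructed for illustration.

```python
import re

# Affected range from the advisory: 1.4.0 through 1.6.x; fixed in 1.7.0.
FIRST_AFFECTED = (1, 4, 0)
FIRST_FIXED = (1, 7, 0)
# Assumption: the artifact id contains this string; the advisory gives no coordinates.
ARTIFACT_HINT = "unsafe-accessor"
_VERSION = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")

def parse_version(text):
    """Return (major, minor, patch), or None when there is no numeric prefix."""
    m = _VERSION.match(text.strip())
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))

def classify(version_text):
    """Map a version string to 'affected', 'not-affected' or 'unknown'."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"  # e.g. an unresolved property placeholder; review by hand
    return "affected" if FIRST_AFFECTED <= v < FIRST_FIXED else "not-affected"

def audit(lines):
    """Scan dependency lines in group:artifact[:type[:classifier]]:version[:scope] form."""
    findings = []
    for line in lines:
        parts = line.strip().split(":")
        if len(parts) < 3 or ARTIFACT_HINT not in parts[1].lower():
            continue
        # 5- or 6-field Maven lines carry the version second to last; short form has it third.
        version = parts[-2] if len(parts) >= 5 else parts[2]
        findings.append((parts[1], version, classify(version)))
    return findings

# Constructed sample input; the group ids are placeholders, not real coordinates.
SAMPLE = """\
com.example.placeholder:unsafe-accessor:jar:1.6.2:compile
com.example.placeholder:unsafe-accessor:1.7.0
com.example.placeholder:unsafe-accessor:1.3.0
com.example.placeholder:unsafe-accessor:jar:1.5.0-SNAPSHOT:runtime
com.example.placeholder:unsafe-accessor:${ua.version}
org.example:other-lib:jar:1.5.0:compile
"""

if __name__ == "__main__":
    for artifact, version, status in audit(SAMPLE.splitlines()):
        print(f"{artifact} {version}: {status}")
```

Entries reported as `unknown` have a version the script could not read as a number and need to be resolved manually before they can be ruled out.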