Eclipse · Eclipse Openj9 · CVE-2021-28167
Name of the Vulnerable Software and Affected Versions:
Eclipse Openj9 versions prior to 0.25.0
Description:
The issue arises from use of the `jdk.internal.reflect.ConstantPool` API, which in some cases causes the JVM to pre-resolve certain constant pool entries. A caller can then invoke static methods or read static members without the class initialization method (`<clinit>`) having run, potentially observing uninitialized values.
Recommendations:
For Eclipse Openj9 versions prior to 0.25.0, avoid using the `jdk.internal.reflect.ConstantPool` API until you can upgrade to a release of 0.25.0 or later. As a temporary workaround, restrict access to static methods and members to minimize the risk of exploitation.
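As an added defender-side check that is not part of this advisory, the following Python parses a `java -version` banner and reports whether the JVM is an OpenJ9 release in the affected range (before 0.25.0). It assumes the banner carries a `build openj9-X.Y.Z` token on the VM line, as OpenJ9 builds print; the sample banners are constructed.

```python
import re
import subprocess

# CVE-2021-28167: Eclipse OpenJ9 releases before 0.25.0 are affected (per the advisory).
FIXED_VERSION = (0, 25, 0)

# OpenJ9 builds identify themselves with a "build openj9-<major>.<minor>.<patch>" token.
_OPENJ9_RE = re.compile(r"build openj9-(\d+)\.(\d+)\.(\d+)")


def openj9_version(version_output: str):
    """Return the OpenJ9 VM version as an int tuple, or None if the banner is not OpenJ9."""
    m = _OPENJ9_RE.search(version_output)
    if not m:
        return None
    # Integer tuples compare numerically, so 0.9.0 sorts before 0.25.0 (a string
    # comparison would get this wrong).
    return tuple(int(x) for x in m.groups())


def is_affected(version_output: str):
    """True if OpenJ9 older than 0.25.0, False if 0.25.0 or later, None if not OpenJ9."""
    v = openj9_version(version_output)
    if v is None:
        return None
    return v < FIXED_VERSION


def check_local_jvm(java_bin: str = "java"):
    """Run `java -version` on this host and classify it; None if java is missing or not OpenJ9."""
    try:
        proc = subprocess.run([java_bin, "-version"], capture_output=True, text=True, check=False)
    except FileNotFoundError:
        return None
    # `java -version` writes its banner to stderr; include stdout in case a wrapper redirects it.
    return is_affected(proc.stderr + proc.stdout)


# Constructed sample banner shaped like an OpenJ9 0.24.0 build (affected).
SAMPLE_OLD = """openjdk version "11.0.10" 2021-01-19
OpenJDK Runtime Environment AdoptOpenJDK (build 11.0.10+9)
Eclipse OpenJ9 VM AdoptOpenJDK (build openj9-0.24.0, JRE 11 Linux amd64-64-Bit Compressed References 20210120_910 (JIT enabled, AOT enabled)
"""
# Constructed sample banner for a HotSpot JVM, which is out of scope for this CVE.
SAMPLE_HOTSPOT = """openjdk version "11.0.10" 2021-01-19
OpenJDK 64-Bit Server VM (build 11.0.10+9, mixed mode)
"""

if __name__ == "__main__":
    print("sample 0.24.0 affected:", is_affected(SAMPLE_OLD))  # True
    print("local JVM affected:", check_local_jvm())
```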