Apache Calcite is Vulnerable to Use of Externally-Controlled Input to Select Classes
Moderate severity
GitHub Reviewed
Published
Jun 2, 2026
to the GitHub Advisory Database
•
Updated Jul 9, 2026
Package
Affected versions
>= 1.5.0, < 1.42.0
Patched versions
1.42.0
Description
Published by the National Vulnerability Database
Jun 2, 2026
Published to the GitHub Advisory Database
Jun 2, 2026
Reviewed
Jul 9, 2026
Last updated
Jul 9, 2026
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Apache Calcite.
This issue affects Apache Calcite: from 1.5.0 before 1.42.
Users are recommended to upgrade to version 1.42, which fixes the issue.
References