Here is a vulnerability i recently discovered inside the CDBView package (Create the cdb view) on my Database Patch Set Update : 12.1.0.2.161018 (24006101) .The package is granted to the “EXECUTE_CATALOG_ROLE” Role by default.
The package is not even wrapped, but this is not a problem as we can easily unwrap it anyway :