commons-beanutils: security update to 1.9.4 #1968

KexyBiscuit · 2019-08-22T02:37:31Z

CVE IDs: CVE-2019-10086

Other security advisory IDs: openSUSE-SU-2019:2058-1

Descriptions: In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.

Patches: BEANUTILS-520: Mitigate CVE-2014-0114 by enabling SuppressPropertiesB…

PoC(s): N/A

Architectural progress:

Architecture-independent noarch

The text was updated successfully, but these errors were encountered:

KexyBiscuit · 2019-11-06T05:22:34Z

Use AOSA-2019-0216.

KexyBiscuit added upgrade Topic/issue involves a package upgrade security Topic/issue involves a security issue/fixed to-stable labels Aug 22, 2019

KexyBiscuit added this to the Summer 2019 milestone Aug 22, 2019

KexyBiscuit mentioned this issue Sep 2, 2019

[FROZEN] Iteration Plan for Summer 2019 #1896

Closed

MingcongBai added a commit that referenced this issue Sep 2, 2019

commons-beanutils: update to 1.9.4; #1968

f7e04ea

KexyBiscuit closed this as completed Nov 6, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

commons-beanutils: security update to 1.9.4 #1968

commons-beanutils: security update to 1.9.4 #1968

KexyBiscuit commented Aug 22, 2019 •

edited by l2dy

Loading

KexyBiscuit commented Nov 6, 2019

commons-beanutils: security update to 1.9.4 #1968

commons-beanutils: security update to 1.9.4 #1968

Comments

KexyBiscuit commented Aug 22, 2019 • edited by l2dy Loading

KexyBiscuit commented Nov 6, 2019

KexyBiscuit commented Aug 22, 2019 •

edited by l2dy

Loading