Apache Software Foundation Commons BeanUtils 1.2

CPE Details

2019-09-11
11h32 +00:00
2019-09-11
11h32 +00:00

CPE Name: cpe:2.3:a:apache:commons_beanutils:1.2:*:*:*:*:*:*:*

Information

Vendor

apache

Product

commons_beanutils

Version

1.2

Related CVE


| CVE ID | Published | Description | Score | Severity |
| --- | --- | --- | --- | --- |
| CVE-2019-10086 | 2019-08-20 18h10 +00:00 | In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however, were not using this by default characteristic of the PropertyUtilsBean. | 7.3 | High |
| CVE-2014-0114 | 2014-04-30 08h00 +00:00 | Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1. | 7.5 | |