Apache Commons Beanutils

By the Year

In 2022 there have been 0 vulnerabilities in Apache Commons Beanutils. Commons Beanutils did not have any published security vulnerabilities last year.

| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 1 | 7.30 |
| 2018 | 0 | 0.00 |

It may take a day or so for new Commons Beanutils vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Apache Commons Beanutils Security Vulnerabilities

CVE-2019-10086 7.3 - High - August 20, 2019

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however, were not using this by default characteristic of the PropertyUtilsBean.

Marshaling, Unmarshaling

CVE-2014-0114 - April 30, 2014

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.

Improper Input Validation
