Homepage
About Snyk

commons-beanutils:commons-beanutils@1.9.3 vulnerabilities

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the commons-beanutils:commons-beanutils package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Deserialization of Untrusted Data

commons-beanutils:commons-beanutils is a provides an easy-to-use but flexible wrapper around reflection and introspection.

Affected versions of this package are vulnerable to Deserialization of Untrusted Data. In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. This was not enabled by default and was therefore an incomplete fix for CVE-2014-0114.

How to fix Deserialization of Untrusted Data?

Upgrade commons-beanutils:commons-beanutils to version 1.9.4 or higher.

[1.9.2,1.9.4)
Go back to all versions of this package