History: Aug 20, 2019 - 8:10 p.m.

CVE-2019-10086

2019-08-20 20:10:15
apache
www.cve.org

AI Score: 7.5 High (Confidence: High)

EPSS: 0.003 Low (Percentile: 71.2%)

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however, were not using this by default characteristic of the PropertyUtilsBean.

CNA Affected

[
  {
    "product": "Apache Commons Beanutils",
    "vendor": "Apache",
    "versions": [
      {
        "status": "affected",
        "version": "Apache Commons Beanutils 1.0 to 1.9.3"
      }
    ]
  }
]

References