Lucene search
+L

49 matches found

Redos
Redos
added 2025/07/10 12:0 a.m.8 views

ROS-20250710-11

Vulnerability of PropertyUtilsBean class of Apache Commons Beanutils utility is related to flaws in unbundled access to the class loader. Exploitation of the vulnerability could allow an attacker, acting remotely, execute arbitrary code...

8.8CVSS8.8AI score0.01548EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2025/06/23 3:38 a.m.7 views

apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default

A flaw was found in the Apache Commons BeanUtils, where the class property in PropertyUtilsBean is not suppressed by default. This flaw allows an attacker to access the classloader...

7.5CVSS6.8AI score0.28839EPSS
Exploits1References5
OSV
OSV
added 2025/06/23 12:0 a.m.11 views

ALSA-2025:9318 Important: javapackages-tools:201801 security update

The javapackages-tools packages provide macros and scripts to support Java packaging. Security Fixes: apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default CVE-2019-10086 commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses ...

8.8CVSS7.2AI score0.28839EPSS
Exploits2References6
OSV
OSV
added 2025/05/28 2:15 p.m.8 views

CVE-2025-48734

Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default...

8.8CVSS8AI score
Exploits0References3
Cvelist
Cvelist
added 2025/05/28 1:32 p.m.484 views

CVE-2025-48734 Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default

Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default...

0.01548EPSS
Exploits1References1
CVE
CVE
added 2025/05/28 1:32 p.m.464 views

CVE-2025-48734

The CVE-2025-48734 entry describes an Improper Access Control in Apache Commons BeanUtils. A BeanIntrospector was added (default-off in older behavior) to suppress the enum-declaredClass property access that could reveal a ClassLoader when external property paths are passed to PropertyUtilsBean.g...

8.8CVSS9AI score0.01548EPSS
Exploits1References3Affected Software1
Debian CVE
Debian CVE
added 2025/05/28 1:32 p.m.10 views

CVE-2025-48734

Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default...

8.8CVSS6.8AI score0.01548EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2024/08/26 11:5 a.m.5 views

apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default

A flaw was found in the Apache Commons BeanUtils, where the class property in PropertyUtilsBean is not suppressed by default. This flaw allows an attacker to access the classloader...

7.5CVSS6.8AI score0.28839EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2020/09/01 2:41 p.m.8 views

apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default

A flaw was found in the Apache Commons BeanUtils, where the class property in PropertyUtilsBean is not suppressed by default. This flaw allows an attacker to access the classloader...

7.5CVSS6.8AI score0.28839EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2020/07/29 6:21 a.m.6 views

apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default

A flaw was found in the Apache Commons BeanUtils, where the class property in PropertyUtilsBean is not suppressed by default. This flaw allows an attacker to access the classloader...

7.5CVSS6.8AI score0.28839EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2020/07/28 3:54 p.m.6 views

apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default

A flaw was found in the Apache Commons BeanUtils, where the class property in PropertyUtilsBean is not suppressed by default. This flaw allows an attacker to access the classloader...

7.5CVSS6.8AI score0.28839EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2020/06/24 5:2 p.m.8 views

apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default

A flaw was found in the Apache Commons BeanUtils, where the class property in PropertyUtilsBean is not suppressed by default. This flaw allows an attacker to access the classloader...

7.5CVSS6.8AI score0.28839EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2020/06/19 1:47 a.m.5 views

apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default

A flaw was found in the Apache Commons BeanUtils, where the class property in PropertyUtilsBean is not suppressed by default. This flaw allows an attacker to access the classloader...

7.5CVSS6.8AI score0.28839EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2020/06/15 8:36 p.m.221 views

Insecure Deserialization in Apache Commons Beanutils

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean...

7.5CVSS3.6AI score0.28839EPSS
Exploits1References57Affected Software1
RedHat Linux
RedHat Linux
added 2020/05/26 4:9 p.m.7 views

apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default

A flaw was found in the Apache Commons BeanUtils, where the class property in PropertyUtilsBean is not suppressed by default. This flaw allows an attacker to access the classloader...

7.5CVSS6.8AI score0.28839EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2020/05/18 10:24 a.m.6 views

apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default

A flaw was found in the Apache Commons BeanUtils, where the class property in PropertyUtilsBean is not suppressed by default. This flaw allows an attacker to access the classloader...

7.5CVSS6.8AI score0.28839EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2020/03/23 8:13 p.m.5 views

apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default

A flaw was found in the Apache Commons BeanUtils, where the class property in PropertyUtilsBean is not suppressed by default. This flaw allows an attacker to access the classloader...

7.5CVSS6.8AI score0.28839EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2020/03/18 5:36 p.m.13 views

apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default

A flaw was found in the Apache Commons BeanUtils, where the class property in PropertyUtilsBean is not suppressed by default. This flaw allows an attacker to access the classloader...

7.5CVSS6.8AI score0.28839EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2020/03/12 5:2 p.m.5 views

apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default

A flaw was found in the Apache Commons BeanUtils, where the class property in PropertyUtilsBean is not suppressed by default. This flaw allows an attacker to access the classloader...

7.5CVSS6.8AI score0.28839EPSS
Exploits1References5
Amazon
Amazon
added 2020/02/17 12:0 a.m.96 views

Important: apache-commons-beanutils

Issue Overview: In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the...

7.5CVSS7.4AI score0.28839EPSS
Exploits1
Rows per page
Query Builder