CVE-2022-35912

In grails-databinding in Grails before 3.3.15, 4.x before 4.1.1, 5.x before 5.1.9, and 5.2.x before 5.2.1 at least when certain Java 8 configurations are used, data binding allows a remote attacker to execute code by gaining access to the class loader...

CVE-2019-20635

codeBeamer before 9.5.0-RC3 does not properly restrict the ability to execute custom Java code and access the Java class loader via computed fields...

Security Bulletin: Multiple vulnerabilities in IBM Disconnected Log Collector

Summary Multiple vulnerabilities were addressed in IBM Disconnected Log Collector version 2.0.0. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop...

Security Bulletin: Improper Access Control vulnerability in Apache Commons may affect IBM Business Automation Workflow - CVE-2025-48734

Summary IBM Business Automation Workflow packages a copy of Apache commons-beanutils. CVE-2025-48734 has been reported for this library. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in...

EUVD-2019-11174

Malware in sbrugna...

CVE-2025-48734 Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default

Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default...

CVE-2022-35912

In grails-databinding in Grails before 3.3.15, 4.x before 4.1.1, 5.x before 5.1.9, and 5.2.x before 5.2.1 at least when certain Java 8 configurations are used, data binding allows a remote attacker to execute code by gaining access to the class loader...

CVE-2022-35912

In grails-databinding in Grails before 3.3.15, 4.x before 4.1.1, 5.x before 5.1.9, and 5.2.x before 5.2.1 at least when certain Java 8 configurations are used, data binding allows a remote attacker to execute code by gaining access to the class loader...

Grails 代码注入漏洞

Grails is the Grails project is based on the Groovy programming language and a set of rapid development of Web applications for the open source framework . A security vulnerability in Grails-databinding versions prior to 3.3.15, 4.x versions prior to 4.1.1, 5.x versions prior to 5.1.9, and 5.2.x...

apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default

A flaw was found in the Apache Commons BeanUtils, where the class property in PropertyUtilsBean is not suppressed by default. This flaw allows an attacker to access the classloader...

Unspecified Vulnerability in codeBeamer

Intland Software codeBeamer ALM is an application lifecycle management platform from Intland Software, Germany. The platform supports application lifecycle management, requirements management, risk management and software development. A security vulnerability exists in codeBeamer versions prior t...

apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default

A flaw was found in the Apache Commons BeanUtils, where the class property in PropertyUtilsBean is not suppressed by default. This flaw allows an attacker to access the classloader...

apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default

A flaw was found in the Apache Commons BeanUtils, where the class property in PropertyUtilsBean is not suppressed by default. This flaw allows an attacker to access the classloader...