Commons-BeanUtils: Arbitrary code execution

Commons-BeanUtils: Arbitrary code execution Apache Commons BeanUtils does not properly suppress the class property, which could lead to the remote execution of arbitrary code. commons-beanutils 2016-07-20 2016-07-20 534498 remote 1.9.2 1.9.2

Commons-beanutils provides easy-to-use wrappers around Reflection and Introspection APIs

Apache Commons BeanUtils does not suppress the class property, which allows for the manipulation of the ClassLoader.

Remote attackers could potentially execute arbitrary code with the privileges of the process.

There is no known workaround at this time.

All Commons BeanUtils users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose
      ">=dev-java/commons-beanutils-1.9.2"

CVE-2014-0114 Zlogene b-man