CVE-2025-48734
- EPSS 0.06%
- Published 28.05.2025 13:32:08
- Last modified 09.06.2025 18:56:26
Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. ...
CVE-2019-10086
- EPSS 0.26%
- Published 20.08.2019 21:15:12
- Last modified 21.11.2024 04:18:22
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by defa...
CVE-2014-0114
- EPSS 92.32%
- Published 30.04.2014 10:49:03
- Last modified 12.04.2025 10:46:40
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "m...