You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In Apache Commons Beanutils 1.9.2 before 1.9.4, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.
Checkmarx (SCA): Vulnerable Package
Vulnerability: Read More about CVE-2019-10086
Checkmarx Project: jerp1979/java-faker
Repository URL: https:/jerp1979/java-faker
Branch: master
Scan ID: 8f3fa71f-fe46-4bc8-9378-781a0403538e
In Apache Commons Beanutils 1.9.2 before 1.9.4, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.
Additional Info
Attack vector: NETWORK
Attack complexity: LOW
Confidentiality impact: LOW
Availability impact: LOW
Remediation Upgrade Recommendation: 1.9.4
The text was updated successfully, but these errors were encountered: