Commons BeanUtils / BEANUTILS-463

Class loader vulnerability in DefaultResolver

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.8.0, 1.8.1, 1.8.2, 1.8.3, 1.9.0, 1.9.1
    • Fix Version/s: 1.9.2
    • Component/s: Expression Syntax
    • Labels:
      None

      Description

      There is no check for the "class" keyword when getting nested properties. Please see here (and translate it) for a more detailed explanation:

      http://qiita.com/kawasima/items/670d2591bc8fea19dc1d
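      The missing check described above, as an added example that is not part of the original report and not BeanUtils' own code: a JDK-only dotted-path getter showing that `class` is a readable property of every bean, and a resolver that refuses it. The `NestedPropertyGuard`, `Account` and `Owner` names and the `suppressClass` flag are hypothetical.

```java
import java.beans.Introspector;
import java.beans.PropertyDescriptor;
import java.lang.reflect.Method;

// Added illustration (JDK only, not BeanUtils code): a nested-property getter
// with the kind of "class" check the report says is missing.
public class NestedPropertyGuard {

    // Constructed sample beans.
    public static class Owner { public String getName() { return "alice"; } }
    public static class Account { public Owner getOwner() { return new Owner(); } }

    // Resolves "a.b.c" one segment at a time through public getters.
    // With suppressClass=false this behaves like a resolver without the check:
    // every object inherits getClass(), so "class" is a property of any bean.
    static Object resolve(Object bean, String path, boolean suppressClass) throws Exception {
        Object current = bean;
        for (String segment : path.split("\\.")) {
            if (suppressClass && "class".equals(segment)) {
                throw new IllegalArgumentException("property 'class' is not accessible: " + path);
            }
            current = readProperty(current, segment);
        }
        return current;
    }

    // Looks up one readable property by name using the JDK bean introspector.
    static Object readProperty(Object bean, String name) throws Exception {
        for (PropertyDescriptor pd : Introspector.getBeanInfo(bean.getClass()).getPropertyDescriptors()) {
            Method getter = pd.getReadMethod();
            if (pd.getName().equals(name) && getter != null) {
                return getter.invoke(bean);
            }
        }
        throw new NoSuchMethodException("no readable property '" + name + "' on " + bean.getClass().getName());
    }

    public static void main(String[] args) throws Exception {
        Account account = new Account();
        // Ordinary nested access still works with the check enabled.
        System.out.println("owner.name -> " + resolve(account, "owner.name", true));
        // Without the check, the path walks from the bean to its ClassLoader.
        System.out.println("unchecked reaches loader: " + (resolve(account, "class.classLoader", false) != null));
        try {
            resolve(account, "class.classLoader", true);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```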

        Activity

        Oliver Heger made changes -
          Status: Resolved [ 5 ] -> Closed [ 6 ]
        Oliver Heger made changes -
          Status: Open [ 1 ] -> Resolved [ 5 ]
          Fix Version/s: 1.9.2 [ 12325879 ] (new value)
          Resolution: Fixed [ 1 ] (new value)
        Patrick Trainor made changes -
          Issue Type: Bug [ 1 ] -> Improvement [ 4 ]
        Patrick Trainor created issue -

          People

          • Assignee: Unassigned
          • Reporter: Patrick Trainor
          • Votes: 2
          • Watchers: 7
