  1. Commons BeanUtils
  2. BEANUTILS-463

Class loader vulnerability in DefaultResolver

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.8.0, 1.8.1, 1.8.2, 1.8.3, 1.9.0, 1.9.1
    • Fix Version/s: 1.9.2
    • Component/s: Expression Syntax
    • Labels:
      None

      Description

      There is no check for the "class" keyword when getting nested properties. Please see here (and translate it) for a more detailed explanation:

      http://qiita.com/kawasima/items/670d2591bc8fea19dc1d
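A defensive check of the kind the report asks for, as an added example: it is not code from Commons BeanUtils and not the change made in 1.9.2. The class and method names are hypothetical, and it assumes nested expressions use `.` separators with `[index]` and `(key)` suffixes.

```java
import java.beans.IntrospectionException;
import java.beans.Introspector;
import java.beans.PropertyDescriptor;
import java.util.ArrayList;
import java.util.List;

public class ClassPropertyGuard {            // hypothetical name, not BeanUtils code
    public static class Order {              // constructed sample bean
        public String getCustomer() { return "acme"; }
    }

    // Every bean inherits getClass(), so introspection reports a "class" property.
    static boolean exposesClass(Class<?> type) throws IntrospectionException {
        for (PropertyDescriptor pd : Introspector.getBeanInfo(type).getPropertyDescriptors()) {
            if ("class".equals(pd.getName())) return true;
        }
        return false;
    }

    // Property names in an expression; text inside [index] or (key) is skipped.
    static List<String> propertyNames(String expr) {
        List<String> names = new ArrayList<>();
        StringBuilder cur = new StringBuilder();
        int depth = 0;                       // > 0 while inside [...] or (...)
        for (char c : expr.toCharArray()) {
            if (c == '[' || c == '(') depth++;
            else if (c == ']' || c == ')') depth = Math.max(0, depth - 1);
            else if (depth > 0) continue;    // index or map key, not a property name
            else if (c == '.') { names.add(cur.toString().trim()); cur.setLength(0); }
            else cur.append(c);
        }
        names.add(cur.toString().trim());
        return names;
    }

    // Reject any expression that steps through "class" (case-insensitive, to be conservative).
    static boolean isAllowed(String expr) {
        for (String n : propertyNames(expr)) if (n.equalsIgnoreCase("class")) return false;
        return true;
    }

    public static void main(String[] args) throws IntrospectionException {
        System.out.println("Order exposes class: " + exposesClass(Order.class));
        String[] constructed = { "customer", "items[0].name", "attrs(class).value",
                                 "class.classLoader", "owner.class" };   // constructed inputs
        for (String e : constructed) System.out.println(e + " -> " + (isAllowed(e) ? "allowed" : "rejected"));
    }
}
```

A map key spelled `class` is allowed because it is data, not a property step; only property-name segments are checked.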

            People

            • Assignee:
              Unassigned
              Reporter:
              ptrainor Patrick Trainor