[BEANUTILS-463] Class loader vulnerability in DefaultResolver - ASF JIRA

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 1.8.0, 1.8.1, 1.8.2, 1.8.3, 1.9.0, 1.9.1
Fix Version/s: 1.9.2
Component/s: Expression Syntax
Labels:
None

Description

There is no check for the "class" keyword when getting nested properties. Please see here (and translate it) for a more detailed explanation:

http://qiita.com/kawasima/items/670d2591bc8fea19dc1d

Attachments

Activity

People

Assignee:

Unassigned

Reporter:

Patrick Trainor

Votes:

2 Vote for this issue

Watchers:

8 Start watching this issue

Dates

Created:

29/Apr/14 18:17

Updated:

23/Oct/17 07:50

Resolved:

24/May/14 20:14