Description
Commons-beanutils v 1.8.0 dependency is not security compliant. Has issue CVE-2014-0114.
Note that current version commons-beanutils 1.9.2 in turn has a CVE in its dependency commons-collections (CVE-2015-6420, see BEANUTILS-488), which is fixed in 1.9.3.
In addition, consider including the OWASP Dependency Check to the build to find out about CVEs in dependencies faster.
Attachments
Issue Links
- is duplicated by
-
SHIRO-612 Need to upgrade BeanUtils to avoid vulnerability
- Resolved
- links to