Uploaded image for project: 'Shiro'
  1. Shiro
  2. SHIRO-612

Need to upgrade BeanUtils to avoid vulnerability

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Duplicate
    • 1.4.0-RC2
    • 1.4.0-RC2
    • None
    • None

    Description

      Currently, the POM specifies to use BeanUtils 1.8.3. Unfortunately, this has a known vulnerability (https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0114) and there's a Metasploit module available to make exploitation easier. This needs to be upgraded to the fixed version 1.9.3.

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. SHIRO-576 Commons-beanutils dependency is not security compliant

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              Unassigned Unassigned
              ddillard David Dillard
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: