[DepShield] (CVSS 7.5) Vulnerability due to usage of commons-beanutils:commons-beanutils:1.8.3

egovernments / egov-search

Elastic Search & Java Domain Model Integration Framework

GNU General Public License v3.0

2 stars 2 forks source link

[DepShield] (CVSS 7.5) Vulnerability due to usage of commons-beanutils:commons-beanutils:1.8.3 #1

Open sonatype-depshield[bot] opened 4 years ago

sonatype-depshield[bot] commented 4 years ago

Vulnerabilities

DepShield reports that this application's usage of commons-beanutils:commons-beanutils:1.8.3 results in the following vulnerability(s):

(CVSS 7.5) [CVE-2014-0114] Improper Input Validation

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

sonatype-depshield[bot] commented 4 years ago

DepShield reports that the following additional vulnerability(s) have been discovered for commons-beanutils:commons-beanutils:1.8.3:

(CVSS 7.3) [CVE-2019-10086] In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added wh...