github / advisory-database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Creative Commons Attribution 4.0 International

[GHSA-6phf-73q6-gh87] Insecure Deserialization in Apache Commons Beanutils #4500

Closed SunBK201 closed 1 day ago

SunBK201 commented 1 month ago

Updates

Comments

According to Patch, this vulnerability was introduced from 1.9.0.

shelbyc commented 1 month ago

@SunBK201 I have a question about this PR. I noticed that CVE-2019-10086 and CVE-2014-0114 appear to be related. According to https://github.com/advisories/GHSA-p66x-2cv9-qq3v, commons-beanutils:commons-beanutils became vulnerable in version 1.8.0. Did you mean to add 1.8.0 as the initial vulnerable version?