[GHSA-p66x-2cv9-qq3v] Arbitrary code execution in Apache Commons BeanUtils

github / advisory-database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Creative Commons Attribution 4.0 International

1.67k stars 305 forks source link

[GHSA-p66x-2cv9-qq3v] Arbitrary code execution in Apache Commons BeanUtils #4506

Closed SunBK201 closed 1 month ago

SunBK201 commented 1 month ago

Updates

Affected products

Comments According to apache/commons-beanutils@62e82ad92cf4818709d6044aaf257b73d42659a4, this patch was introduced between 1.9.3 and 1.9.4.

shelbyc commented 1 month ago

Hi @SunBK201, I'm looking at https://github.com/github/advisory-database/pull/4500 and this PR at the same time because they appear to be related.

I agree with the change for GHSA-p66x-2cv9-qq3v that this PR suggests. Thank you for providing a fix commit to support setting the fixed version to 1.9.4.

advisory-database[bot] commented 1 month ago

Hi @SunBK201! Thank you so much for contributing to the GitHub Advisory Database. This database is free, open, and accessible to all, and it's people like you who make it great. Thanks for choosing to help others. We hope you send in more contributions in the future!