VYPR
High severityNVD Advisory· Published Apr 30, 2014· Updated Jun 17, 2026

CVE-2014-0114

CVE-2014-0114

Description

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
commons-beanutils:commons-beanutilsMaven
>= 1.8.0, < 1.9.41.9.4

Affected products

23

Patches

Vulnerability mechanics

References

176

News mentions

0

No linked articles in our index yet.