VYPR
High severityNVD Advisory· Published Aug 20, 2019· Updated Aug 4, 2024

CVE-2019-10086

CVE-2019-10086

Description

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
commons-beanutils:commons-beanutilsMaven
< 1.9.41.9.4

Affected products

654

Patches

Vulnerability mechanics

References

93

News mentions

0

No linked articles in our index yet.