What steps will reproduce the problem?
1. Look at POM
2. See the version is 1.8.3
3.Look at CVE-2014-0114 and see the description "Apache Commons BeanUtils, as
distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through
1.3.10 and in other products requiring commons-beanutils through 1.9.2, does
not suppress the class property, which allows remote attackers to "manipulate"
the ClassLoader and execute arbitrary code via the class parameter, as
demonstrated by the passing of this parameter to the getClass method of the
ActionForm object in Struts 1."
What is the expected output? What do you see instead?
Output isn't the issue
What version of the product are you using? On what operating system?
2.1 (also looked at the trunk version which appears to be 2.1.1)
Does this issue affect only a specified browser or set of browsers?
No
Please provide any additional information below.
Need to update the version. Also, need to add some extra code to deal with the
issue. See the INTRODUCTION section in the 1.9.2 release notes:
http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txt
Original issue reported on code.google.com by [email protected] on 4 Feb 2015 at 7:19
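The "extra code" the report refers to, sketched as an added example (not this project's code): after upgrading to commons-beanutils 1.9.2, register `SuppressPropertiesBeanIntrospector.SUPPRESS_CLASS` on the `BeanUtilsBean` in use, then confirm the `class` property is no longer visible. `SampleForm` and the class name are hypothetical; the example assumes commons-beanutils 1.9.2 and its dependencies on the classpath.

```java
import java.util.Map;

import org.apache.commons.beanutils.BeanUtilsBean;
import org.apache.commons.beanutils.PropertyUtilsBean;
import org.apache.commons.beanutils.SuppressPropertiesBeanIntrospector;

public class SuppressClassPropertyExample {

    // Constructed sample bean standing in for a request-populated form object.
    public static class SampleForm {
        private String name;
        public String getName() { return name; }
        public void setName(String name) { this.name = name; }
    }

    // Returns a BeanUtilsBean whose introspection drops the "class" property.
    // To harden the shared instance instead, call the same method on
    // BeanUtilsBean.getInstance().getPropertyUtils(); that instance is kept
    // per context class loader, so do it in each web application at startup.
    static BeanUtilsBean hardened() {
        BeanUtilsBean bub = new BeanUtilsBean();
        bub.getPropertyUtils()
           .addBeanIntrospector(SuppressPropertiesBeanIntrospector.SUPPRESS_CLASS);
        return bub;
    }

    // True if the given PropertyUtilsBean still resolves "class" on the bean.
    static boolean exposesClass(PropertyUtilsBean pub, Object bean) throws Exception {
        return pub.getPropertyDescriptor(bean, "class") != null;
    }

    public static void main(String[] args) throws Exception {
        SampleForm form = new SampleForm();
        form.setName("constructed-value");

        // With 1.9.2 defaults the "class" property is still introspected.
        BeanUtilsBean defaults = new BeanUtilsBean();
        System.out.println("default exposes class:  "
                + exposesClass(defaults.getPropertyUtils(), form));

        // After registering SUPPRESS_CLASS only the bean's own properties remain.
        BeanUtilsBean safe = hardened();
        System.out.println("hardened exposes class: "
                + exposesClass(safe.getPropertyUtils(), form));

        Map<String, String> described = safe.describe(form);
        System.out.println("hardened describe keys: " + described.keySet());
    }
}
```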