commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Oliver Heger (JIRA)" <j...@apache.org>
Subject [jira] [Closed] (BEANUTILS-463) Class loader vulnerability in DefaultResolver
Date Fri, 30 May 2014 20:09:01 GMT

     [ https://issues.apache.org/jira/browse/BEANUTILS-463?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Oliver Heger closed BEANUTILS-463.
----------------------------------


> Class loader vulnerability in DefaultResolver
> ---------------------------------------------
>
>                 Key: BEANUTILS-463
>                 URL: https://issues.apache.org/jira/browse/BEANUTILS-463
>             Project: Commons BeanUtils
>          Issue Type: Improvement
>          Components: Expression Syntax
>    Affects Versions: 1.8.0, 1.8.1, 1.8.2, 1.8.3, 1.9.0, 1.9.1
>            Reporter: Patrick Trainor
>             Fix For: 1.9.2
>
>
> There is no check for the "class" keyword when getting nested properties. Please see
here (and translate it) for a more detailed explanation:
> http://qiita.com/kawasima/items/670d2591bc8fea19dc1d



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message