shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Dillard (JIRA)" <j...@apache.org>
Subject [jira] [Created] (SHIRO-612) Need to upgrade BeanUtils to avoid vulnerability
Date Mon, 13 Feb 2017 18:45:42 GMT
David Dillard created SHIRO-612:
-----------------------------------

             Summary: Need to upgrade BeanUtils to avoid vulnerability
                 Key: SHIRO-612
                 URL: https://issues.apache.org/jira/browse/SHIRO-612
             Project: Shiro
          Issue Type: Bug
    Affects Versions: 1.4.0-RC2
            Reporter: David Dillard


Currently, the POM specifies to use BeanUtils 1.8.3.  Unfortunately, this has a known vulnerability
(https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0114) and there's a Metasploit
module available to make exploitation easier.  This needs to be upgraded to the fixed version
1.9.3.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message