CVE-2019-10086
Published: Aug 20, 2019
Modified: Aug 4, 2024
PUBLISHED
Description
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. However, PropertyUtilsBean did not use this class by default.
| Vendor | Product | Versions |
|---|---|---|
| Apache | Apache Commons Beanutils | affected Apache Commons Beanutils 1.0 to 1.9.3 |
References
[debian-lts-announce] 20190824 [SECURITY] [DLA 1896-1] commons-beanutils security update
mailing-list
x_refsource_MLIST
openSUSE-SU-2019:2058
vendor-advisory
x_refsource_SUSE
[commons-issues] 20190925 [GitHub] [commons-validator] jeff-schram opened a new pull request #18: Update pom.xml
mailing-list
x_refsource_MLIST
[shiro-dev] 20191001 [jira] [Updated] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix
mailing-list
x_refsource_MLIST
[shiro-dev] 20191001 [jira] [Created] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fiix
mailing-list
x_refsource_MLIST
[shiro-dev] 20191001 [jira] [Commented] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix
mailing-list
x_refsource_MLIST
[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities
mailing-list
x_refsource_MLIST
[shiro-dev] 20191023 [jira] [Assigned] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix
mailing-list
x_refsource_MLIST
[shiro-dev] 20191105 [jira] [Resolved] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix
mailing-list
x_refsource_MLIST
FEDORA-2019-bcad44b5d6
vendor-advisory
x_refsource_FEDORA
FEDORA-2019-79b5790566
vendor-advisory
x_refsource_FEDORA
RHSA-2019:4317
vendor-advisory
x_refsource_REDHAT
RHSA-2020:0057
vendor-advisory
x_refsource_REDHAT
RHSA-2020:0194
vendor-advisory
x_refsource_REDHAT
RHSA-2020:0806
vendor-advisory
x_refsource_REDHAT
RHSA-2020:0811
vendor-advisory
x_refsource_REDHAT
RHSA-2020:0804
vendor-advisory
x_refsource_REDHAT
RHSA-2020:0805
vendor-advisory
x_refsource_REDHAT
https://www.oracle.com/security-alerts/cpuapr2020.html
x_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2020.html
x_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2020.html
x_refsource_MISC
[atlas-dev] 20201022 [jira] [Created] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086
mailing-list
x_refsource_MLIST
[atlas-dev] 20201022 Re: Review Request 72983: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086
mailing-list
x_refsource_MLIST
[atlas-dev] 20201023 Re: Review Request 72983: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086
mailing-list
x_refsource_MLIST
[atlas-dev] 20201023 [jira] [Updated] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086
mailing-list
x_refsource_MLIST
[atlas-commits] 20201023 [atlas] 01/05: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086
mailing-list
x_refsource_MLIST
[atlas-dev] 20201023 [jira] [Commented] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086
mailing-list
x_refsource_MLIST
[atlas-dev] 20201026 [jira] [Updated] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086
mailing-list
x_refsource_MLIST
[atlas-dev] 20201023 [jira] [Commented] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086
mailing-list
x_refsource_MLIST
[rocketmq-dev] 20201223 [GitHub] [rocketmq] crazywen opened a new pull request #2515: Update pom.xml
mailing-list
x_refsource_MLIST
https://www.oracle.com/security-alerts/cpujan2021.html
x_refsource_MISC
https://www.oracle.com/security-alerts/cpuApr2021.html
x_refsource_MISC
https://www.oracle.com//security-alerts/cpujul2021.html
x_refsource_MISC
[nifi-issues] 20210827 [jira] [Updated] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086
mailing-list
x_refsource_MLIST
[nifi-issues] 20210827 [jira] [Created] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086
mailing-list
x_refsource_MLIST
[nifi-issues] 20210907 [jira] [Commented] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086
mailing-list
x_refsource_MLIST
[nifi-issues] 20210915 [jira] [Updated] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086
mailing-list
x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2021.html
x_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2022.html
x_refsource_MISC
https://www.oracle.com/security-alerts/cpuapr2022.html
x_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2022.html
x_refsource_MISC