Описание
Important: javapackages-tools:201801 security update
The javapackages-tools packages provide macros and scripts to support Java packaging.
Security Fix(es):
-
apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default (CVE-2019-10086)
-
commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default (CVE-2025-48734)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Затронутые продукты
Rocky Linux 8
Связанные CVE
Исправления
- Red Hat - 1767483
- Red Hat - 2368956
Связанные уязвимости
ELSA-2025-9318: javapackages-tools:201801 security update (IMPORTANT)
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class wa ...