You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@commons.apache.org by "Patrick Trainor (JIRA)" <ji...@apache.org> on 2014/04/29 20:18:15 UTC

[jira] [Created] (BEANUTILS-463) Class loader vulnerability in DefaultResolver

Patrick Trainor created BEANUTILS-463:
-----------------------------------------

             Summary: Class loader vulnerability in DefaultResolver
                 Key: BEANUTILS-463
                 URL: https://issues.apache.org/jira/browse/BEANUTILS-463
             Project: Commons BeanUtils
          Issue Type: Bug
          Components: Expression Syntax
    Affects Versions: 1.8.3, 1.8.2, 1.8.1, 1.8.0, 1.9.0, 1.9.1
            Reporter: Patrick Trainor


There is no check for the "class" keyword when getting nested properties. Please see here (and translate it) for a more detailed explanation:

http://qiita.com/kawasima/items/670d2591bc8fea19dc1d



--
This message was sent by Atlassian JIRA
(v6.2#6252)