You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@commons.apache.org by "Patrick Trainor (JIRA)" <ji...@apache.org> on 2014/04/29 20:18:15 UTC
[jira] [Created] (BEANUTILS-463) Class loader vulnerability in
DefaultResolver
Patrick Trainor created BEANUTILS-463:
-----------------------------------------
Summary: Class loader vulnerability in DefaultResolver
Key: BEANUTILS-463
URL: https://issues.apache.org/jira/browse/BEANUTILS-463
Project: Commons BeanUtils
Issue Type: Bug
Components: Expression Syntax
Affects Versions: 1.8.3, 1.8.2, 1.8.1, 1.8.0, 1.9.0, 1.9.1
Reporter: Patrick Trainor
There is no check for the "class" keyword when getting nested properties. Please see here (and translate it) for a more detailed explanation:
http://qiita.com/kawasima/items/670d2591bc8fea19dc1d
--
This message was sent by Atlassian JIRA
(v6.2#6252)