INFSA-2025:9318: javapackages-tools:201801 security update
Information about definition
Identifier: INFSA-2025:9318
Type: security
Release date: 2025-07-07 18:20:02 UTC
Information about package
The javapackages-tools packages provide macros and scripts to support Java packaging.
Vulnerabilities description
- CVE-2019-10086
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. However, PropertyUtilsBean did not use it by default.
- CVE-2025-48734
A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like getProperty() or getNestedProperty().
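Both entries concern property paths that reach a bean's `Class` object. The following added example (not part of this advisory and not Apache Commons BeanUtils code) uses only the JDK's `java.beans` introspector to show which of those properties a type exposes, and rejects externally supplied paths that traverse them before they reach a property accessor. `PropertyPathGuard`, `isSafePath`, `exposedBlockedProperties`, `Color` and `Account` are hypothetical names; the JDK introspector reports the enum property as `declaringClass` (from `Enum.getDeclaringClass()`).

```java
import java.beans.Introspector;
import java.beans.PropertyDescriptor;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

public class PropertyPathGuard {
    // Property names that lead from a bean to its Class object and on to the class loader.
    private static final Set<String> BLOCKED = Set.of("class", "declaringClass", "classLoader");

    /** Returns true only if no segment of the path names a blocked property. */
    static boolean isSafePath(String path) {
        if (path == null || path.isEmpty()) return false;
        // Split on BeanUtils-style separators: '.' nested, '[..]' indexed, '(..)' mapped.
        // Conservative: a mapped key that equals a blocked name is rejected as well.
        for (String segment : path.split("[.\\[\\]()]+")) {
            if (BLOCKED.contains(segment)) return false;
        }
        return true;
    }

    /** Lists the blocked properties that the JDK introspector exposes on a type. */
    static List<String> exposedBlockedProperties(Class<?> type) throws Exception {
        List<String> found = new ArrayList<>();
        for (PropertyDescriptor pd : Introspector.getBeanInfo(type).getPropertyDescriptors()) {
            if (BLOCKED.contains(pd.getName())) found.add(pd.getName());
        }
        return found;
    }

    public enum Color { RED }      // constructed sample enum
    public static class Account {  // constructed sample bean
        public String getOwner() { return "alice"; }
    }

    public static void main(String[] args) throws Exception {
        // Compare an ordinary bean with an enum: the enum inherits Enum.getDeclaringClass().
        System.out.println("Account: " + exposedBlockedProperties(Account.class));
        System.out.println("Color:   " + exposedBlockedProperties(Color.class));
        // Constructed sample paths, as they might arrive from a request parameter.
        for (String p : new String[] {"owner", "address.city", "class.classLoader",
                                      "status.declaringClass.classLoader", "items[0].class"}) {
            System.out.println(p + " -> " + (isSafePath(p) ? "allow" : "reject"));
        }
    }
}
```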
Severity level
CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
---|---|---|---|
NIST — CVE-2019-10086 | no information | 7.3 | no information |
NIST — CVE-2025-48734 | no information | 8.8 | no information |
Updated packages