Details

      Description

      Apache Commons BeanUtils, version 1.9.2, used in Alfresco 5.0 and 5.1, is one of the libraries reported to have a deserialization vulnerability. It uses the vulnerable Apache Commons Collections, version 3.2.1; see e.g. the commons-beanutils dependencies.

      commons-beanutils has upgraded commons-collections from 3.2.1 to 3.2.2, where the vulnerability is fixed, in its current development version 1.9.3, which is not yet released; see BEANUTILS-482 and https://svn.apache.org/viewvc/commons/proper/beanutils/trunk/, r1714371 on Nov 14 21:00:27 2015 UTC.

      We need to upgrade commons-beanutils when version 1.9.3 is released.
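
A check for the two jars named in this ticket, added here as an example and not Alfresco's or Apache's own tooling: it walks an unpacked deployment (for instance a `WEB-INF/lib` tree) and reports commons-collections and commons-beanutils jars below the fixed versions the ticket gives. The function names, and the rule that every version below 3.2.2 / 1.9.3 is flagged, are assumptions.

```python
import re
import zipfile
from pathlib import Path

# Fixed versions named in the ticket; flagging everything below them is an assumption.
FIXED = {"commons-collections": (3, 2, 2), "commons-beanutils": (1, 9, 3)}
# Matches commons-collections-3.2.1.jar but not the separate commons-collections4 artifact.
NAME_RE = re.compile(r"^(commons-(?:collections|beanutils))-(\d+(?:\.\d+)*)[^/]*\.jar$")


def manifest_version(jar_path):
    """Return Implementation-Version from the jar manifest, or None."""
    try:
        with zipfile.ZipFile(jar_path) as jar:
            text = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except (KeyError, zipfile.BadZipFile, OSError):
        return None
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key.strip().lower() == "implementation-version":
            return value.strip()
    return None


def parse_version(text):
    """'3.2.1' -> (3, 2, 1); trailing qualifiers such as -SNAPSHOT are ignored."""
    match = re.match(r"\d+(?:\.\d+)*", text or "")
    return tuple(int(p) for p in match.group().split(".")) if match else None


def find_outdated(root):
    """Walk root and return (path, artifact, version) for jars below FIXED."""
    findings = []
    for jar_path in sorted(Path(root).rglob("*.jar")):
        named = NAME_RE.match(jar_path.name)
        if not named:
            continue
        artifact = named.group(1)
        # Prefer the manifest: file names can change during repackaging.
        version = manifest_version(jar_path) or named.group(2)
        parsed = parse_version(version)
        # An unparseable version is reported too, so it gets a manual look.
        if parsed is None or parsed < FIXED[artifact]:
            findings.append((str(jar_path), artifact, version))
    return findings
```

Jars bundled inside other archives (a WAR or AMP that has not been unpacked) are not opened by this walk; unpack them first.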

              People

              • Assignee:
                closedbugs Closed Bugs (Inactive)
                Reporter:
                tvalkevych Tatyana Valkevych [X] (Inactive)

                  Time Tracking

                  Estimated: Not Specified
                  Remaining: 1d 3h 50m
                  Logged: 4h 20m
