Skip to content

CVE-2019-10086. Bump commons-beanutils version to 1.9.4 #6

New issue
New issue
Open
Open
CVE-2019-10086. Bump commons-beanutils version to 1.9.4#6
@lcg936

Description

@lcg936
lcg936
opened on Dec 9, 2019

Hi,

First of all thank you for all the work and effort put on this project, much appreciated.

The package commons-beanutils version 1.9.2 has been tagged with CVE-2019-10086.
I leave you some references:
https://nvd.nist.gov/vuln/detail/CVE-2019-10086
https://snyk.io/vuln/SNYK-JAVA-COMMONSBEANUTILS-460111

This is a transitive dependency from commons-validator, and there is no date for fix release from the Apache team.

Could you consider setting the commons-beanutils version to 1.9.4 as this version fixes the vulnerability?

Thanks in advance,
Regards.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions