{"id":"MGASA-2019-0399","summary":"Updated apache-commons-beanutils packages fix security vulnerability","details":"Updated apache-commons-beanutils packages fix security vulnerability:\n\nIn Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was\nadded which allows suppressing the ability for an attacker to access the\nclassloader via the class property available on all Java objects. However,\nthis introspector was not used by default by PropertyUtilsBean, leaving the\nclass property accessible by default (CVE-2019-10086).\n\nAlso, the apache-commons-collections package has been rebuilt to regenerate\nthe OSGi metadata, to allow the apache-commons-beanutils package to build.\n","modified":"2026-04-16T00:11:32.336763656Z","published":"2019-12-19T13:44:26Z","upstream":["CVE-2019-10086"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2019-0399.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=25765"},{"type":"WEB","url":"https://lists.opensuse.org/opensuse-updates/2019-09/msg00017.html"}],"affected":[{"package":{"name":"apache-commons-beanutils","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/apache-commons-beanutils?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.9.4-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0399.json"}},{"package":{"name":"apache-commons-collections","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/apache-commons-collections?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.2.2-7.1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0399.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}