Vulnerability Details : CVE-2019-10086
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.
Products affected by CVE-2019-10086
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
- cpe:2.3:a:apache:commons_beanutils:*:*:*:*:*:*:*:*
- cpe:2.3:a:apache:nifi:1.14.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:nifi:1.15.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:fusion_middleware:11.1.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:fusion_middleware:12.2.1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:solaris_cluster:4.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:service_bus:11.1.1.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_invoice_matching:16.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_convergence:3.0.2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_merchandising_system:5.0.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.56:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.57:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.58:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_predictive_application_server:16.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:9.2.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:healthcare_foundation:7.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:healthcare_foundation:7.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:healthcare_foundation:7.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:healthcare_foundation:8.0.1:*:*:*:*:*:*:*
- Oracle » Utilities FrameworkVersions from including (>=) 4.3.0.1.0 and up to, including, (<=) 4.3.0.6.0cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_metasolv_solution:6.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_performance_intelligence_center:10.4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_design_studio:7.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_design_studio:7.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_design_studio:7.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:11.3.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:12.0.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:time_and_labor:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_advanced_inventory_planning:14.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:hospitality_opera_5:5.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:hospitality_opera_5:5.6:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_price_management:14.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_price_management:14.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_price_management:15.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_price_management:16.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.5:*:*:*:*:e-business_suite:*:*
- cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.5:*:*:*:*:sap:*:*
- cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.6:*:*:*:*:e-business_suite:*:*
- cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.6:*:*:*:*:sap:*:*
- cpe:2.3:a:oracle:communications_cloud_native_core_console:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:insurance_data_gateway:1.0.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:real-time_decisions_solutions:3.2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-10086
0.40%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 74 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-10086
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
7.3
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
3.9
|
3.4
|
NIST | |
7.3
|
HIGH | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
N/A
|
N/A
|
Oracle:CPUOct2023 |
CWE ids for CVE-2019-10086
-
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-10086
-
https://lists.apache.org/thread.html/r967953a14e05016bc4bcae9ef3dd92e770181158b4246976ed8295c9@%3Cdev.brooklyn.apache.org%3E
[GitHub] [brooklyn-server] duncangrant opened a new pull request #1091: Update library versions due to CVEs - Pony MailMailing List;Vendor Advisory
-
https://lists.apache.org/thread.html/2fd61dc89df9aeab738d2b49f48d42c76f7d53b980ba04e1d48bce48@%3Cdev.shiro.apache.org%3E
[jira] [Created] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fiix - Pony MailMailing List;Vendor Advisory
-
https://lists.apache.org/thread.html/02094ad226dbc17a2368beaf27e61d8b1432f5baf77d0ca995bb78bc@%3Cissues.commons.apache.org%3E
[GitHub] [commons-validator] jeff-schram opened a new pull request #18: Update pom.xml - Pony MailMailing List;Vendor Advisory
-
https://lists.apache.org/thread.html/reee57101464cf7622d640ae013b2162eb864f603ec4093de8240bb8f@%3Cdev.atlas.apache.org%3E
Re: Review Request 72983: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086 - Pony MailMailing List;Vendor Advisory
-
https://www.oracle.com/security-alerts/cpujan2020.html
Oracle Critical Patch Update Advisory - January 2020Third Party Advisory
-
https://lists.apache.org/thread.html/re2028d4d76ba1db3e3c3a722d6c6034e801cc3b309f69cc166eaa32b@%3Ccommits.nifi.apache.org%3E
[nifi] branch main updated: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086 NIFI-9170 Add two more 1.9.4 references to close out the few things identified by the Maven dependenMailing List;Vendor Advisory
-
https://lists.apache.org/thread.html/rb1f76c2c0a4d6efb8a3523974f9d085d5838b73e7bffdf9a8f212997@%3Cissues.nifi.apache.org%3E
[jira] [Updated] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086 - Pony MailMailing List;Vendor Advisory
-
https://lists.apache.org/thread.html/5261066cd7adee081ee05c8bf0e96cf0b2eeaced391e19117ae4daa6@%3Cdev.shiro.apache.org%3E
[jira] [Assigned] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix - Pony MailMailing List;Vendor Advisory
-
https://lists.debian.org/debian-lts-announce/2019/08/msg00030.html
[SECURITY] [DLA 1896-1] commons-beanutils security updateMailing List;Third Party Advisory
-
https://lists.apache.org/thread.html/rae81e0c8ebdf47ffaa85a01240836bfece8a990c48f55c7933162b5c@%3Cdev.atlas.apache.org%3E
Pony Mail!Mailing List;Vendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00007.html
[security-announce] openSUSE-SU-2019:2058-1: important: Security updateMailing List;Third Party Advisory
-
https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0@%3Cissues.commons.apache.org%3E
Pony Mail!Mailing List;Vendor Advisory
-
https://www.oracle.com/security-alerts/cpuapr2022.html
Oracle Critical Patch Update Advisory - April 2022Patch;Third Party Advisory
-
https://www.oracle.com/security-alerts/cpuapr2020.html
Oracle Critical Patch Update Advisory - April 2020Patch;Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIUYSL2RSIWZVNSUIXJTIFPIPIF6OAIO/
[SECURITY] Fedora 30 Update: apache-commons-beanutils-1.9.4-1.fc30 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://www.oracle.com/security-alerts/cpujul2020.html
Oracle Critical Patch Update Advisory - July 2020Patch;Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2020:0057
RHSA-2020:0057 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://www.oracle.com//security-alerts/cpujul2021.html
Oracle Critical Patch Update Advisory - July 2021Patch;Third Party Advisory
-
https://www.oracle.com/security-alerts/cpujan2022.html
Oracle Critical Patch Update Advisory - January 2022Patch;Third Party Advisory
-
https://lists.apache.org/thread.html/c94bc9649d5109a663b2129371dc45753fbdeacd340105548bbe93c3@%3Cdev.shiro.apache.org%3E
[jira] [Commented] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix - Pony MailMailing List;Vendor Advisory
-
https://lists.apache.org/thread.html/r46e536fc98942dce99fadd2e313aeefe90c1a769c5cd85d98df9d098@%3Cissues.nifi.apache.org%3E
[GitHub] [nifi] naddym opened a new pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086 - Pony MailMailing List;Vendor Advisory
-
https://lists.apache.org/thread.html/rec74f3a94dd850259c730b4ba6f7b6211222b58900ec088754aa0534@%3Cissues.nifi.apache.org%3E
[jira] [Created] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086 - Pony MailMailing List;Vendor Advisory
-
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
[jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities - Pony MailMailing List;Vendor Advisory
-
https://access.redhat.com/errata/RHSA-2020:0194
RHSA-2020:0194 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://lists.apache.org/thread.html/3d1ed1a1596c08c4d5fea97b36c651ce167b773f1afc75251ce7a125@%3Ccommits.tinkerpop.apache.org%3E
Pony Mail!Mailing List;Patch;Vendor Advisory
-
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
Pony Mail!Mailing List;Vendor Advisory
-
https://access.redhat.com/errata/RHSA-2020:0805
RHSA-2020:0805 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://www.oracle.com/security-alerts/cpujan2021.html
Oracle Critical Patch Update Advisory - January 2021Patch;Third Party Advisory
-
https://lists.apache.org/thread.html/racd3e7b2149fa2f255f016bd6bffab0fea77b6fb81c50db9a17f78e6@%3Cdev.atlas.apache.org%3E
Pony Mail!Mailing List;Vendor Advisory
-
https://lists.apache.org/thread.html/r43de02fd4a4f52c4bdeff8c02f09625d83cd047498009c1cdab857db@%3Cdev.rocketmq.apache.org%3E
Pony Mail!Mailing List;Vendor Advisory
-
https://www.oracle.com/security-alerts/cpuApr2021.html
Oracle Critical Patch Update Advisory - April 2021Patch;Third Party Advisory
-
https://lists.apache.org/thread.html/a684107d3a78e431cf0fbb90629e8559a36ff8fe94c3a76e620b39fa@%3Cdev.shiro.apache.org%3E
Pony Mail!Mailing List;Vendor Advisory
-
http://mail-archives.apache.org/mod_mbox/www-announce/201908.mbox/%3cC628798F-315D-4428-8CB1-4ED1ECC958E4@apache.org%3e
[SECURITY] CVE-2019-10086. Apache Commons Beanutils does not suppresses the class property in PropertyUtilsBean by default.Mailing List;Vendor Advisory
-
https://lists.apache.org/thread.html/re3cd7cb641d7fc6684e4fc3c336a8bad4a01434bb5625a06e3600fd1@%3Cissues.nifi.apache.org%3E
[jira] [Commented] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086 - Pony MailMailing List;Vendor Advisory
-
https://lists.apache.org/thread.html/r2d5f1d88c39bd615271abda63964a0bee9b2b57fef1f84cb4c43032e@%3Cissues.nifi.apache.org%3E
[GitHub] [nifi] MikeThomsen commented on pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086 - Pony MailMailing List;Vendor Advisory
-
https://lists.apache.org/thread.html/r18d8b4f9263e5cad3bbaef0cdba0e2ccdf9201316ac4b85e23eb7ee4@%3Cdev.atlas.apache.org%3E
Re: Review Request 72983: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086 - Pony MailMailing List;Vendor Advisory
-
https://access.redhat.com/errata/RHSA-2019:4317
RHSA-2019:4317 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2020:0806
RHSA-2020:0806 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2020:0804
RHSA-2020:0804 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://lists.apache.org/thread.html/ra9a139fdc0999750dcd519e81384bc1fe3946f311b1796221205f51c@%3Ccommits.dolphinscheduler.apache.org%3E
[GitHub] [incubator-dolphinscheduler] c-f-cooper commented on pull request #4525: [Improvement-4506][LICENSE] upgrade the version of the commons-beanutils - Pony MailMailing List;Vendor Advisory
-
https://lists.apache.org/thread.html/r306c0322aa5c0da731e03f3ce9f07f4745c052c6b73f4e78faf232ca@%3Cdev.atlas.apache.org%3E
[jira] [Updated] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086 - Pony MailMailing List;Vendor Advisory
-
https://lists.apache.org/thread.html/r513a7a21c422170318115463b399dd58ab447fe0990b13e5884f0825@%3Ccommits.dolphinscheduler.apache.org%3E
[GitHub] [incubator-dolphinscheduler] lgcareer commented on pull request #4525: [Improvement-4506][LICENSE] upgrade the version of the commons-beanutils - Pony MailMailing List;Vendor Advisory
-
https://www.oracle.com/security-alerts/cpuoct2021.html
Oracle Critical Patch Update Advisory - October 2021Patch;Third Party Advisory
-
https://lists.apache.org/thread.html/ra41fd0ad4b7e1d675c03a5081a16a6603085a4e37d30b866067566fe@%3Cissues.nifi.apache.org%3E
Pony Mail!Mailing List;Vendor Advisory
-
https://lists.apache.org/thread.html/rb8dac04cb7e9cc5dedee8dabaa1c92614f590642e5ebf02a145915ba@%3Ccommits.atlas.apache.org%3E
Pony Mail!Mailing List;Patch;Vendor Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4APPGLBWMFAS4WHNLR4LIJ65DJGPV7TF/
[SECURITY] Fedora 31 Update: apache-commons-beanutils-1.9.4-1.fc31 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://lists.apache.org/thread.html/d6ca9439c53374b597f33b7ec180001625597db48ea30356af01145f@%3Cdev.shiro.apache.org%3E
[jira] [Updated] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix - Pony MailMailing List;Vendor Advisory
-
https://access.redhat.com/errata/RHSA-2020:0811
RHSA-2020:0811 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://lists.apache.org/thread.html/ra87ac17410a62e813cba901fdd4e9a674dd53daaf714870f28e905f1@%3Cdev.atlas.apache.org%3E
[jira] [Updated] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086 - Pony MailMailing List;Vendor Advisory
-
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
[jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities - Pony MailMailing List;Vendor Advisory
-
https://lists.apache.org/thread.html/r6194ced4828deb32023cd314e31f41c61d388b58935d102c7de91f58@%3Cdev.atlas.apache.org%3E
Pony Mail!Mailing List;Vendor Advisory
-
https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5@%3Cissues.commons.apache.org%3E
Pony Mail!Mailing List;Vendor Advisory
-
https://www.oracle.com/security-alerts/cpujul2022.html
Oracle Critical Patch Update Advisory - July 2022
-
https://lists.apache.org/thread.html/rcc029be4edaaf5b8bb85818aab494e16f312fced07a0f4a202771ba2@%3Cissues.nifi.apache.org%3E
[jira] [Updated] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086 - Pony MailMailing List;Vendor Advisory
-
https://lists.apache.org/thread.html/rd2d2493f4f1af6980d265b8d84c857e2b7ab80a46e1423710c448957@%3Cissues.nifi.apache.org%3E
[GitHub] [nifi] naddym commented on pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086 - Pony MailMailing List;Vendor Advisory
Jump to