GLSA-201607-09 : Commons-BeanUtils: Arbitrary code execution
High Nessus Plugin ID 92479
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-201607-09 (Commons-BeanUtils: Arbitrary code execution).
Apache Commons BeanUtils does not suppress the class property, which allows for the manipulation of the ClassLoader.
Remote attackers could potentially execute arbitrary code with the privileges of the process.
There is no known workaround at this time.
Solution
All Commons BeanUtils users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-java/commons-beanutils-1.9.2'