File _patchinfo of Package patchinfo.12347
<patchinfo incident="12347">
<issue tracker="bnc" id="1146657">VUL-0: CVE-2019-10086: apache-commons-beanutils: In 1.9.2, a BeanIntrospector class was added to thwart CVE-2014-0224 but is not used by default</issue>
<issue tracker="cve" id="2019-10086"/>
<category>security</category>
<rating>important</rating>
<packager>pmonrealgonzalez</packager>
<description>This update for apache-commons-beanutils fixes the following issues:
Security issue fixed:
- CVE-2019-10086: Added special BeanIntrospector class which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects (bsc#1146657).
</description>
<summary>Security update for apache-commons-beanutils</summary>
</patchinfo>