-------------------------------------------------------------------------
Debian LTS Advisory DLA-4229-1                [email protected]
https://www.debian.org/lts/security/                      Abhijith PA
June 25, 2025                                 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : commons-beanutils
Version        : 1.9.4-1+deb11u1
CVE ID         : CVE-2025-48734

commons-beanutils, a utility for manipulating Java beans, has an
improper access control vulnerability.

A special BeanIntrospector class was added in version 1.9.2. This can be
used to stop attackers from using the declared class property of Java
enum objects to get access to the classloader. However, this protection
was not enabled by default. PropertyUtilsBean (and consequently
BeanUtilsBean) now disallows declared class level property access by
default.

For Debian 11 bullseye, this problem has been fixed in version
1.9.4-1+deb11u1.

We recommend that you upgrade your commons-beanutils packages.

For the detailed security status of commons-beanutils please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/commons-beanutils

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
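For applications that bundle their own, unpatched copy of the library, the opt-in protection described above can be switched on explicitly. The following is an added example, not part of the advisory or of the commons-beanutils sources; the class names HardenBeanUtils, Holder and Color are hypothetical, and the property name "declaringClass" is an assumption derived from java.lang.Enum.getDeclaringClass(), which is what the advisory's "declared class property" resolves to under JavaBeans introspection.

```java
import java.util.Collections;
import org.apache.commons.beanutils.BeanIntrospector;
import org.apache.commons.beanutils.BeanUtilsBean;
import org.apache.commons.beanutils.PropertyUtilsBean;
import org.apache.commons.beanutils.SuppressPropertiesBeanIntrospector;

public class HardenBeanUtils {

    // Constructed sample types, used only to verify the suppression.
    public enum Color { RED }

    public static class Holder {
        public Color getColor() { return Color.RED; }
    }

    /**
     * Registers an introspector that removes the enum "declaringClass"
     * property descriptor, so property paths cannot walk from an enum
     * value to its Class object. Assumption: the property name follows
     * from Enum.getDeclaringClass().
     */
    static void harden(PropertyUtilsBean propertyUtils) {
        BeanIntrospector suppress = new SuppressPropertiesBeanIntrospector(
                Collections.singleton("declaringClass"));
        // addBeanIntrospector also clears the cached descriptors.
        propertyUtils.addBeanIntrospector(suppress);
    }

    /** Returns true if the nested enum property is no longer resolvable. */
    static boolean isSuppressed(PropertyUtilsBean propertyUtils) throws Exception {
        try {
            propertyUtils.getNestedProperty(new Holder(), "color.declaringClass");
            return false; // property still reachable: protection not active
        } catch (NoSuchMethodException expected) {
            return true;  // descriptor removed: lookup is rejected
        }
    }

    public static void main(String[] args) throws Exception {
        // The shared instance behind the static BeanUtils/PropertyUtils
        // facades; it is per context class loader, so run this once in
        // each web application at startup.
        PropertyUtilsBean shared = BeanUtilsBean.getInstance().getPropertyUtils();
        System.out.println("before: suppressed=" + isSuppressed(shared));
        harden(shared);
        System.out.println("after:  suppressed=" + isSuppressed(shared));
    }
}
```

Running the same isSuppressed check against the fixed Debian package should report the property as suppressed before harden is called, which makes it usable as a regression test for the upgrade.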
