OESA-2025-1803

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1803
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2025-1803.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2025-1803
Upstream
Published
2025-07-11T12:24:11Z
Modified
2025-08-12T05:51:24.880035Z
Summary
apache-commons-beanutils security update
Details

The scope of this package is to create a package of Java utility methods for accessing and modifying the properties of arbitrary JavaBeans. No dependencies outside of the JDK are required, so the use of this package is very lightweight.

Security Fix(es):

A vulnerability, which was classified as critical, was found in Apache Commons BeanUtils up to 1.10.x/2.0.0-/1.CWE is classifying the issue as CWE-284. The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.This is going to have an impact on confidentiality, integrity, and availability.Upgrading to version 1.11.0 or 2.0.0-M2 eliminates this vulnerability.(CVE-2025-48734)

Database specific 
{
    "severity": "High"
}
References

Affected packages

openEuler:24.03-LTS-SP2 / apache-commons-beanutils

Package

Name
apache-commons-beanutils
Purl
pkg:rpm/openEuler/apache-commons-beanutils&distro=openEuler-24.03-LTS-SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.9.4-4.oe2403sp2

Ecosystem specific 

{
    "src": [
        "apache-commons-beanutils-1.9.4-4.oe2403sp2.src.rpm"
    ],
    "noarch": [
        "apache-commons-beanutils-1.9.4-4.oe2403sp2.noarch.rpm",
        "apache-commons-beanutils-javadoc-1.9.4-4.oe2403sp2.noarch.rpm"
    ]
}