FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-24 03:12:49 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
9e5bbffc-d8ac-11e5-b2bd-002590263bf5	bsh -- remote code execution vulnerability Stian Soiland-Reyes reports: This release fixes a remote code execution vulnerability that was identified in BeanShell by Alvaro MuÃ±oz and Christian Schneider. The BeanShell team would like to thank them for their help and contributions to this fix! An application that includes BeanShell on the classpath may be vulnerable if another part of the application uses Java serialization or XStream to deserialize data from an untrusted source. A vulnerable application could be exploited for remote code execution, including executing arbitrary shell commands. This update fixes the vulnerability in BeanShell, but it is worth noting that applications doing such deserialization might still be insecure through other libraries. It is recommended that application developers take further measures such as using a restricted class loader when deserializing. See notes on Java serialization security XStream security and How to secure deserialization from untrusted input without using encryption or sealing. Discovery 2016-02-18 Entry 2016-02-21 bsh < 2.0.b6 CVE-2016-2510 ports/207334 https://github.com/beanshell/beanshell/releases/tag/2.0b6

VuXML ID

Description

9e5bbffc-d8ac-11e5-b2bd-002590263bf5

bsh -- remote code execution vulnerability

Stian Soiland-Reyes reports:

This release fixes a remote code execution vulnerability that was identified in BeanShell by Alvaro MuÃ±oz and Christian Schneider. The BeanShell team would like to thank them for their help and contributions to this fix!

An application that includes BeanShell on the classpath may be vulnerable if another part of the application uses Java serialization or XStream to deserialize data from an untrusted source.

A vulnerable application could be exploited for remote code execution, including executing arbitrary shell commands.

This update fixes the vulnerability in BeanShell, but it is worth noting that applications doing such deserialization might still be insecure through other libraries. It is recommended that application developers take further measures such as using a restricted class loader when deserializing. See notes on Java serialization security XStream security and How to secure deserialization from untrusted input without using encryption or sealing.

Discovery 2016-02-18
Entry 2016-02-21
bsh

< 2.0.b6

CVE-2016-2510
ports/207334
https://github.com/beanshell/beanshell/releases/tag/2.0b6