Components Vulnerabilities Pricing MCP API

Find vulnerabilities. Fix fast with AI.

Search components by package, version, or CVE to get started.

com.versionone/VersionOne.SDK.Java.APIClie… | Sonatype Guide

Get full component data and automated fixes with Sonatype Guide.

Sign up for free

VersionOne.SDK.Java.APIClient

15.2.0

VersionOne.SDK.Java.APIClient 15.2.0

com.versionone

PublishedMar 14, 2016•Policy

compliance

Developer Trust Score

Recommended Version:x.y.z

Recommended upgrade that meets your policy.

Compare Versions

Severity

Critical (3)

High (9)

Medium (3)

Low (0)

CVSS Score

0.010.0

EPSS Score

0.01.0

Malware

KEV StatusPublished

8.8CVE-2025-48734

Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default. PropertyUtilsBean (and consequently BeanUtilsBean) now disallows declared class level property access by default. Releases 1.11.0 and 2.0.0-M2 address a potential security issue when accessing enum properties in an uncontrolled way. If an application using Commons BeanUtils passes property paths from an external source directly to the getProperty() method of PropertyUtilsBean, an attacker can access the enum’s class loader via the “declaredClass” property available on all Java “enum” objects. Accessing the enum’s “declaredClass” allows remote attackers to access the ClassLoader and execute arbitrary code. The same issue exists with PropertyUtilsBean.getNestedProperty(). Starting in versions 1.11.0 and 2.0.0-M2 a special BeanIntrospector suppresses the “declaredClass” property. Note that this new BeanIntrospector is enabled by default, but you can disable it to regain the old behavior; see section 2.5 of the user's guide and the unit tests. This issue affects Apache Commons BeanUtils 1.x before 1.11.0, and 2.x before 2.0.0-M2.Users of the artifact commons-beanutils:commons-beanutils 1.x are recommended to upgrade to version 1.11.0, which fixes the issue. Users of the artifact org.apache.commons:commons-beanutils2 2.x are recommended to upgrade to version 2.0.0-M2, which fixes the issue.

PublishedMay 28, 2025

8.7sonatype-2024-3350

commons-collections - Uncontrolled Recursion

PublishedAug 13, 2024

7.5CVE-2022-4244

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.

7.5CVE-2023-5072

Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.

PublishedOct 13, 2023

7.5CVE-2022-45688

A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.

PublishedDec 14, 2022

7.5sonatype-2022-3061

JSON-java - Denial of Service (DoS)

PublishedMay 24, 2022

9.1CVE-2021-26291

Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. Maven is changing the default behavior in 3.8.1+ to no longer follow http (non-SSL) repository references by default. More details available in the referenced urls. If you are currently using a repository manager to govern the repositories used by your builds, you are unaffected by the risks present in the legacy behavior, and are unaffected by this vulnerability and change to default behavior. See this link for more information about repository management: https://maven.apache.org/repository-management.html

SeverityCritical

5.3CVE-2020-13956

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.

PublishedOct 14, 2020

5.3sonatype-2018-0705

commons-io - Path Traversal [CVE-2021-29425]

PublishedAug 19, 2020

8.6sonatype-2015-0173

plexus-utils - XML Injection [CVE-2022-4245]

PublishedJan 10, 2018

9.8CVE-2017-1000487

Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings.

SeverityCritical

PublishedJan 9, 2018

5.3sonatype-2012-0050

commons-codec - Base32 would decode some invalid Base32 encoded string into arbitrary value

PublishedNov 22, 2017

7.5sonatype-2017-0359

org.apache.httpcomponents:httpclient - Directory Traversal

PublishedSep 25, 2017

9.0sonatype-2015-0002

commons-collections - Arbitrary Remote Code Execution due to Unsafe Deserialization

SeverityCritical

PublishedMar 28, 2017

7.5CVE-2014-0114

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.

Published

Jan 24, 2024

PublishedApr 9, 2021

Published

Mar 28, 2017