Search for packages
| purl | pkg:rpm/redhat/rhvm-dependencies@4.3.2-1?arch=el7ev |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-bhq3-j6aj-1yae
Aliases: CVE-2019-10086 GHSA-6phf-73q6-gh87 |
Insecure Deserialization in Apache Commons Beanutils In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean. | There are no reported fixed by versions. |
|
VCID-vyx8-csfk-nqd1
Aliases: CVE-2019-17195 GHSA-f6vf-pq8c-69m4 |
Improper Check for Unusual or Exceptional Conditions in Connect2id Nimbus JOSE+JWT Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T14:17:05.512344+00:00 | RedHat Importer | Affected by | VCID-bhq3-j6aj-1yae | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10086.json | 38.0.0 |
| 2026-04-01T14:15:45.767942+00:00 | RedHat Importer | Affected by | VCID-vyx8-csfk-nqd1 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17195.json | 38.0.0 |