CVE-2016-2510

Priority
Description
BeanShell (bsh) before 2.0b6, when included on the classpath by an
application that uses Java serialization or XStream, allows remote
attackers to execute arbitrary code via crafted serialized data, related to
XThis.Handler.
Assigned-to
mdeslaur
Notes
Package
Source: bsh (LP Ubuntu Debian)
Upstream: released (2.0b6)
Ubuntu 14.04 ESM (Trusty Tahr): released (2.0b4-15ubuntu0.14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus): released (2.0b4-17ubuntu1)
Patches:
Upstream: https://github.com/beanshell/beanshell/commit/7c68fde2d6fc65e362f20863d868c112a90a9b49
Upstream: https://github.com/beanshell/beanshell/commit/1ccc66bb693d4e46a34a904db8eeff07808d2ced
More Information

Updated: 2020-05-07 18:37:22 UTC (commit 3db3e0dddc92f0ed79599b5949ba82bc7a3031ed)