Details
- Bug
- Status: Resolved
- Major
- Resolution: Not A Problem
- 1.4.1 Release
Description
I copied this issue from a different project since it also impacts commons-validator.
Read: http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
TL;DR: If you have commons-collections on your classpath and accept and process Java object serialization data, then you probably have an exploitable remote command execution vulnerability.
The Commons Collection dependency should be upgraded to the latest version (4.1) to remediate this vulnerability.
Issue Links
- is related to VALIDATOR-381 Update commons-collections from 3.2.1 to 3.2.2 (Closed)
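
The TL;DR above names two conditions: commons-collections on the classpath, and code that accepts and processes Java serialization data. The following added example (not from the ticket or from commons-validator) addresses the second condition with the JDK's `ObjectInputFilter` (Java 9+), which goes beyond the upgrade the ticket recommends. The `Address` class, the limit values and the `HashMap` stand-in are assumptions made for illustration.

```java
import java.io.*;
import java.util.HashMap;

// Added example, not commons-validator code. Requires Java 9+ (java.io.ObjectInputFilter).
public class FilteredDeserialization {

    // Hypothetical DTO: the only application type this endpoint expects to receive.
    static class Address implements Serializable {
        private static final long serialVersionUID = 1L;
        String postcode = "constructed-sample";
    }

    // Allowlist plus resource limits. The trailing "!*" rejects every other class before
    // an instance is created, so library types on the classpath cannot be deserialized.
    static final ObjectInputFilter ALLOWLIST = ObjectInputFilter.Config.createFilter(
            "maxdepth=5;maxrefs=50;maxbytes=4096;"
            + "FilteredDeserialization$Address;java.lang.String;!*");

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        return buf.toByteArray();
    }

    // Deserialize untrusted bytes with the filter installed before readObject() is called.
    static Object readUntrusted(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            in.setObjectInputFilter(ALLOWLIST);
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        Object ok = readUntrusted(serialize(new Address()));
        System.out.println("accepted: " + ok.getClass().getName());
        try {
            // Constructed input: HashMap stands in for any type the endpoint does not expect.
            readUntrusted(serialize(new HashMap<String, String>()));
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```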