Velocity / VELOCITY-869

Vulnerability in dependency: commons-collections:3.2.1

Details

• Type: Bug
• Status: Closed
• Priority: Major
• Resolution: Fixed
• Affects Version/s: 1.7
• Fix Version/s: 1.x, 2.0
• Component/s: Build
• Labels: None

Description

There is an arbitrary remote code execution bug in commons-collections, tracked by COLLECTIONS-580. Updating to the version where this bug is fixed, 3.2.2, will help keep downstream libraries (like avro-ipc) from pulling in the bad version. Thanks!

People

• Assignee: Sergiu Dumitriu (sdumitriu)
• Reporter: Ryan Blue (rdblue)
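
An added example, not part of the issue or of the Velocity project's code: a Python sketch that reads `mvn dependency:tree` text output and reports every path that pulls in a commons-collections 3.x version older than the 3.2.2 fix named in the description. The sample tree, the `com.example` coordinates and the `X.Y.Z` avro-ipc version are constructed placeholders.

```python
import re

# Constructed sample of `mvn dependency:tree` output for two modules
# (not taken from the issue; X.Y.Z is a placeholder version).
SAMPLE_TREE = r"""
[INFO] com.example:legacy-app:jar:1.0
[INFO] \- org.apache.avro:avro-ipc:jar:X.Y.Z:compile
[INFO]    \- org.apache.velocity:velocity:jar:1.7:compile
[INFO]       +- commons-collections:commons-collections:jar:3.2.1:compile
[INFO]       \- commons-lang:commons-lang:jar:2.4:compile
[INFO] com.example:patched-app:jar:1.0
[INFO] +- org.apache.velocity:velocity:jar:1.7:compile
[INFO] \- commons-collections:commons-collections:jar:3.2.2:compile
"""

# Each tree level is a 3-character prefix: "|  ", "+- ", "\- " or "   ".
LINE = re.compile(r"^\[INFO\] ((?:[|+\\ ][ -] )*)([^\s:]+(?::[^\s:]+){3,5})$")
TARGET = ("commons-collections", "commons-collections")
FIXED = (3, 2, 2)  # first release of the 3.x line with the fix


def vulnerable_paths(tree_text):
    """Return (version, path) for each commons-collections node below FIXED."""
    stack, hits = [], []
    for raw in tree_text.splitlines():
        m = LINE.match(raw.rstrip())
        if not m:
            continue  # banner, summary or blank line
        depth = len(m.group(1)) // 3
        coord = m.group(2)
        del stack[depth:]  # drop siblings and deeper nodes
        stack.append(coord)
        parts = coord.split(":")
        if depth == 0 or tuple(parts[:2]) != TARGET:
            continue
        version = parts[-2]  # group:artifact:type[:classifier]:version:scope
        nums = tuple(int(n) for n in re.findall(r"\d+", version)[:3])
        if nums < FIXED:
            hits.append((version, " -> ".join(stack)))
    return hits


if __name__ == "__main__":
    for version, path in vulnerable_paths(SAMPLE_TREE):
        print(f"commons-collections {version} reached via: {path}")
```

The reported path shows which intermediate artifact needs the upgrade or an explicit version override in the consuming build.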