5l1D3R / Github-actions


CVE: 2015-6420 found in Apache Commons Collections - Version: 4.0 [JAVA] #4

Open github-actions[bot] opened 1 year ago

github-actions[bot] commented 1 year ago

Veracode Software Composition Analysis

| Attribute | Details |
| --- | --- |
| Library | Apache Commons Collections |
| Description | The Apache Commons Collections package contains types that extend and augment the Java Collections Framework. |
| Language | JAVA |
| Vulnerability | Arbitrary Code Execution |
| Vulnerability description | commons-collections is vulnerable to arbitrary code execution. A remote attacker is able to execute arbitrary commands via a malicious serialized Java object. |
| CVE | 2015-6420 |
| CVSS score | 7.5 |
| Vulnerability present in version/s | 4.0-4.0 |
| Found library version/s | 4.0 |
| Vulnerability fixed in version | 4.1 |
| Library latest version | 4.4 |
| Fix | |

Links:

github-actions[bot] commented 1 year ago

Veracode issue link to PR: https://github.com/5l1D3R/Github-actions/pull/2