SamHeadrickCx / JavaVulnerableLab-1

lab
GNU General Public License v2.0
0 stars 0 forks source link

CX: CVE-2015-7501 in Maven-commons-collections:commons-collections and 3.2.1 @ JavaVulnerableLab-1.refs/heads/master #50

Open github-actions[bot] opened 1 month ago

github-actions[bot] commented 1 month ago

Description

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. The Java artifact causing the deserialization vulnerability is Apache Commons Collections in versions 3.0 through 3.2.1 and version 4.0.

HIGH Vulnerable Package issue exists @ commons-collections:commons-collections in branch refs/heads/master

Vulnerability ID: CVE-2015-7501

Package Name: commons-collections:commons-collections

Severity: HIGH

CVSS Score: 9.8

Publish Date: 2017-11-09T17:29:00

Current Package Version: 3.2.1

Remediation Upgrade Recommendation: 3.2.2

Link To SCA

Reference – NVD link

github-actions[bot] commented 4 days ago

Issue still exists.

github-actions[bot] commented 4 days ago

Issue still exists.