SamHeadrickCx / JavaVulnerableLab-1

lab
GNU General Public License v2.0
0 stars 0 forks source link

CX: CVE-2016-2170 in Maven-commons-collections:commons-collections and 3.2.1 @ JavaVulnerableLab-1.refs/heads/master #51

Open github-actions[bot] opened 1 month ago

github-actions[bot] commented 1 month ago

Description

Apache OFBiz 12.04.x before 12.04.06 and 13.07.x before 13.07.03 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. The Java artifact causing the deserialization vulnerability is Apache Commons Collections in versions 3.0 through 3.2.1 and version 4.0.

HIGH Vulnerable Package issue exists @ commons-collections:commons-collections in branch refs/heads/master

Vulnerability ID: CVE-2016-2170

Package Name: commons-collections:commons-collections

Severity: HIGH

CVSS Score: 9.8

Publish Date: 2016-04-12T14:59:00

Current Package Version: 3.2.1

Remediation Upgrade Recommendation: 3.2.2

Link To SCA

Reference – NVD link

github-actions[bot] commented 4 days ago

Issue still exists.

github-actions[bot] commented 4 days ago

Issue still exists.