beniisan / JavaVulnLab_Cx

GNU General Public License v2.0

CX: Cx78f40514-81ff in Maven-commons-collections:commons-collections and 3.2.1 @ JavaVulnLab_Cx.${basename #43

Open github-actions[bot] opened 3 years ago

github-actions[bot] commented 3 years ago

Description

The framework Apache Commons Collections before 4.3 is vulnerable to Stack Overflow. The function add() in the file src/main/java/org/apache/commons/collections4/list/SetUniqueList.java throws a StackOverflowError when the add() method is called with its own list. To resolve this issue - upgrade to version 4.3. Please note: the package name was changed to org.apache.commons:commons-collections4 on version 4.0.

HIGH Vulnerable Package issue exists @ commons-collections:commons-collections in branch ${basename

Vulnerability ID: Cx78f40514-81ff

Package Name: commons-collections:commons-collections

Severity: HIGH

CVSS Score: 7.5

Publish Date: 2018-10-31T10:39:00

Current Package Version: 3.2.1

Remediation Upgrade Recommendation:


github-actions[bot] commented 3 years ago

Issue still exists.