roikku / swift-explorer

User-friendly tool to manage files in an OpenStack Storage system (SWIFT)
http://www.619.io/swift-explorer
Apache License 2.0
66 stars 21 forks source link

Upgrade Apache Commons Collections to v3.2.2 #62

Closed bogosj closed 8 years ago

bogosj commented 8 years ago

Version 3.2.1 has a CVSS 10.0 vulnerability. That's the worst kind of vulnerability that exists. By merely existing on the classpath, this library causes the Java serialization parser for the entire JVM process to go from being a state machine to a turing machine. A turing machine with an exec() function!

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8103 https://commons.apache.org/proper/commons-collections/security-reports.html http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/

roikku commented 8 years ago

Thanks James, for the pull request.

bogosj commented 8 years ago

You're welcome.