veracode-repository-ruleset / verademo-java-maven


CVE: 2015-6420 found in Apache Commons Collections - Version: 4.0 [JAVA] #7

Open github-actions[bot] opened 7 months ago

github-actions[bot] commented 7 months ago

Veracode Software Composition Analysis

| Attribute | Details |
| --- | --- |
| Library | Apache Commons Collections |
| Description | The Apache Commons Collections package contains types that extend and augment the Java Collections Framework. |
| Language | JAVA |
| Vulnerability | Arbitrary Code Execution |
| Vulnerability description | Apache Commons Collections (ACC) library is vulnerable to Arbitrary Code Execution. The vulnerability is possible because it directly uses ACC, or contains ACC, in the classpath, which allows an attacker to gain read access to unnecessary information in debug messages by sending modified requests. |
| CVE | 2015-6420 |
| CVSS score | 7.5 |
| Vulnerability present in version/s | 4.0-4.0 |
| Found library version/s | 4.0 |
| Vulnerability fixed in version | 4.1 |
| Library latest version | 4.4 |
| Fix | |

Links:

github-actions[bot] commented 4 months ago

Veracode issue link to PR: https://github.com/veracode-repository-ruleset/verademo-java-maven/pull/54