Brandon Kite created VALIDATOR-383:
--------------------------------------

             Summary: Commons-collections object deserialization remote command execution vulnerability
                 Key: VALIDATOR-383
                 URL: https://issues.apache.org/jira/browse/VALIDATOR-383
             Project: Commons Validator
          Issue Type: Bug
    Affects Versions: 1.4.1 Release
            Reporter: Brandon Kite


I copied this issue from a different project since it also impacts 
commons-validator.

Read: 
http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
TL;DR: If you have commons-collections on your classpath and accept and process 
Java object serialization data, then you probably have an exploitable remote 
command execution vulnerability.

The Commons Collections dependency should be upgraded to the latest version 
(4.1) to remediate this vulnerability.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
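The ticket's TL;DR describes the exposure: an application that reads untrusted Java serialization data will instantiate whatever classes the stream names, including library classes that happen to be on the classpath. Upgrading the dependency, as the ticket recommends, removes the known gadget classes; an allow-list deserialization filter additionally stops the stream from naming unexpected classes at all, whatever is on the classpath. The following is an added example, not code from the ticket or from Commons Validator; it assumes Java 9 or later (for `ObjectInputFilter`) and a hypothetical endpoint that only ever expects an `ArrayList` of `String`s. The class and method names are mine.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

public class FilteredDeserialization {

    // Allow-list filter (assumed shape of this endpoint's data): only the classes the
    // endpoint legitimately expects are permitted; the trailing "!*" rejects every
    // other class before its class descriptor is resolved, so no library class on the
    // classpath can be instantiated by a crafted stream.
    private static final ObjectInputFilter ALLOW_LIST = ObjectInputFilter.Config.createFilter(
            "java.util.ArrayList;java.lang.String;!*");

    // Helper for the demo: produce serialization bytes for an arbitrary object.
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // The hardened read path: the filter is installed before readObject() runs,
    // so the check happens as each class is encountered in the stream.
    static Object deserialize(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            ois.setObjectInputFilter(ALLOW_LIST);
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: the data shape the endpoint expects.
        List<String> expected = new ArrayList<>(List.of("alpha", "beta"));
        System.out.println("allowed: " + deserialize(serialize(expected)));

        // Constructed sample input: a benign but unexpected class stands in for any
        // class the endpoint did not plan for; the filter rejects it by name.
        Map<String, Integer> unexpected = new HashMap<>();
        unexpected.put("k", 1);
        try {
            deserialize(serialize(unexpected));
            System.out.println("BUG: unexpected class was accepted");
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The filter pattern is evaluated left to right and the first match wins, so list the permitted classes first and end with `!*`. Where a process cannot be changed, the same pattern can be applied JVM-wide with the `jdk.serialFilter` system property; the allow-list should still be kept as narrow as the endpoint's actual data, since a broad pattern gives back the exposure the ticket describes.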
