Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Insecure Deserialization in Apache Commons Collection

Serialized-object interfaces in Java applications using the Apache Commons Collections (ACC) library may allow remote attackers to execute arbitrary commands via a crafted serialized Java object.

Permalink: https://github.com/advisories/GHSA-6hgm-866r-3cjv
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZoZ20tODY2ci0zY2p2
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 4 years ago
Updated: over 1 year ago


Identifiers: GHSA-6hgm-866r-3cjv, CVE-2015-6420
References:
Blast Radius: 0.0

Affected Packages

maven:org.apache.servicemix.bundles:org.apache.servicemix.bundles.commons-collections
Dependent packages: 11
Dependent repositories: 45
Downloads:
Affected Version Ranges: <= 3.2.1
No known fixed version
All affected versions:

maven:org.apache.servicemix.bundles:org.apache.servicemix.bundles.collections-generic
Dependent packages: 3
Dependent repositories: 5
Downloads:
Affected Version Ranges: <= 4.01
No known fixed version
All affected versions:

maven:net.sourceforge.collections:collections-generic
Dependent packages: 83
Dependent repositories: 384
Downloads:
Affected Version Ranges: <= 4.0.1
No known fixed version
All affected versions:

maven:commons-collections:commons-collections
Dependent packages: 5,134
Dependent repositories: 63,019
Downloads:
Affected Version Ranges: < 3.2.2
Fixed in: 3.2.2
All affected versions: 2.1.1, 3.2.1
All unaffected versions: 3.2.2

maven:org.apache.commons:commons-collections4
Dependent packages: 3,801
Dependent repositories: 26,825
Downloads:
Affected Version Ranges: < 4.1
Fixed in: 4.1
All affected versions:
All unaffected versions: