Apache Commons Collections: Remote code execution

Apache Commons Collections unsafely deserializes untrusted input, potentially resulting in arbitrary code execution.

Product: commons-collections
Announced: 2021-07-16
Revised: 2021-07-16
Bug: 739348
Access: remote
Unaffected: >= 3.2.2
Vulnerable: < 3.2.2

Apache Commons Collections extends the JCF classes with new interfaces, implementations and utilities.

Some classes in the Apache Commons Collections functor package deserialized potentially untrusted input by default.

Deserializing untrusted input using Apache Commons Collections could result in remote code execution.

There is no known workaround at this time.

All Apache Commons Collections users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/commons-collections-3.2.2"
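
Upgrading the system package does not replace copies of the library that applications bundle in their own directories. As an added example (not part of the advisory), the shell functions below list commons-collections jars whose file-name version is lower than the fixed 3.2.2. The function names and the file-name pattern commons-collections-<version>.jar are assumptions, and a jar renamed without its version is not detected.

```shell
#!/bin/sh
# Added example (not from the advisory): flag bundled commons-collections jars
# whose file-name version is lower than the fixed release.
FIXED="3.2.2"   # fixed version, taken from the advisory

# Print the version embedded in a name like commons-collections-3.2.1.jar.
# Prints nothing for other names (assumed naming convention).
cc_jar_version() {
    basename "$1" | sed -n 's/^commons-collections-\([0-9][0-9.]*\)\.jar$/\1/p'
}

# Return 0 if dotted numeric version $1 is lower than $2, comparing field by
# field as integers so that 3.10 sorts above 3.2.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=""; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=""; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1
}

# List every jar under directory $1 that is older than $FIXED.
cc_scan() {
    find "$1" -type f -name 'commons-collections-[0-9]*.jar' |
    while IFS= read -r jar; do
        v=$(cc_jar_version "$jar")
        [ -n "$v" ] || continue
        if version_lt "$v" "$FIXED"; then
            printf 'VULNERABLE %s (%s < %s)\n' "$jar" "$v" "$FIXED"
        fi
    done
}

# Usage: sh cc-scan.sh /path/to/application/tree
if [ "$#" -gt 0 ]; then
    cc_scan "$1"
fi
```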

Reference: CVE-2017-15708

ajak ajak