Posted: Fri Jul 16, 2021 4:26 am Post subject: [ GLSA 202107-37 ] Apache Commons Collections
Gentoo Linux Security Advisory
Title: Apache Commons Collections: Remote code execution (GLSA 202107-37)
Severity: normal
Exploitable: remote
Date: 2021-07-16
Bug(s): #739348
ID: 202107-37
Synopsis
Apache Commons Collections unsafely deserializes untrusted input,
potentially resulting in arbitrary code execution.
Background
Apache Commons Collections extends the Java Collections Framework (JCF)
classes with new interfaces, implementations and utilities.
Affected Packages
Package: dev-java/commons-collections
Vulnerable: < 3.2.2
Unaffected: >= 3.2.2
Architectures: All supported architectures
Description
Some classes in the Apache Commons Collections functor package
deserialized potentially untrusted input by default.
Impact
An attacker able to supply serialized Java objects to an application that
deserializes them with Apache Commons Collections on its classpath could
execute arbitrary code on the deserializing host.
Workaround
There is no known workaround at this time.
Resolution
All Apache Commons Collections users should upgrade to the latest
version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/commons-collections-3.2.2"
References
CVE-2017-15708
Last edited by GLSA on Sat Jan 22, 2022 5:08 am; edited 2 times in total
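The emerge command above replaces only the system copy of the library (dev-java/commons-collections). Java applications frequently ship their own commons-collections jar inside a WAR or lib/ directory, and those copies stay at whatever version they were built against. The script below is an added example, not part of the advisory or of Gentoo's tooling: it reads the installed version from the Portage database under /var/db/pkg and scans a directory tree for bundled commons-collections-<version>.jar files, flagging every copy older than the fixed 3.2.2 release. It takes the version from the jar filename (the Maven/Ivy naming convention), so a renamed or repackaged jar would not be detected; the function and variable names are my own.

```shell
#!/bin/sh
# Added example for GLSA 202107-37 (not advisory code): find Apache Commons
# Collections copies older than the fixed 3.2.2 release, both the Portage
# package and jars bundled inside applications.

FIXED_VERSION="3.2.2"   # first unaffected release per the advisory

# cc_version_lt A B: exit 0 when dotted version A is older than B.
# A Gentoo revision suffix such as "-r1" is ignored; missing components count as 0.
cc_version_lt() {
    a=$(printf '%s' "$1" | sed 's/-r[0-9]*$//')
    b=$(printf '%s' "$2" | sed 's/-r[0-9]*$//')
    awk -v a="$a" -v b="$b" 'BEGIN {
        na = split(a, pa, "."); nb = split(b, pb, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            x = (i <= na) ? pa[i] + 0 : 0
            y = (i <= nb) ? pb[i] + 0 : 0
            if (x < y) exit 0
            if (x > y) exit 1
        }
        exit 1   # equal versions are not "less than"
    }'
}

# cc_is_vulnerable VERSION: exit 0 when VERSION is in the advisory's affected range (< 3.2.2).
cc_is_vulnerable() {
    cc_version_lt "$1" "$FIXED_VERSION"
}

# cc_jar_version PATH: print the version embedded in a commons-collections-<ver>.jar
# filename, or nothing for any other file (commons-collections4-*.jar is a different
# artifact and is deliberately not matched).
cc_jar_version() {
    printf '%s\n' "$(basename "$1")" \
        | sed -n 's/^commons-collections-\([0-9][0-9.]*\(-r[0-9]*\)\{0,1\}\)\.jar$/\1/p'
}

# cc_installed_gentoo [ROOT]: print the versions of dev-java/commons-collections that
# Portage records as installed under ROOT (default /), one per line.
cc_installed_gentoo() {
    root=${1:-/}
    for d in "$root"/var/db/pkg/dev-java/commons-collections-*; do
        [ -d "$d" ] || continue
        printf '%s\n' "${d##*/commons-collections-}"
    done
}

# cc_scan_jars DIR: print the path of every bundled commons-collections jar under DIR
# whose filename version is still vulnerable, one per line.
cc_scan_jars() {
    find "$1" -type f -name 'commons-collections-*.jar' 2>/dev/null | sort |
    while IFS= read -r jar; do
        ver=$(cc_jar_version "$jar")
        if [ -n "$ver" ] && cc_is_vulnerable "$ver"; then
            printf '%s\n' "$jar"
        fi
    done
}

# Stand-alone usage:  sh cc_check.sh /usr/share /opt /var/lib/tomcat
# Reports the Portage package first, then every vulnerable bundled jar under the given trees.
if [ $# -gt 0 ]; then
    for v in $(cc_installed_gentoo); do
        if cc_is_vulnerable "$v"; then
            printf 'Portage: dev-java/commons-collections-%s is vulnerable (< %s)\n' "$v" "$FIXED_VERSION"
        fi
    done
    for dir in "$@"; do
        cc_scan_jars "$dir"
    done
fi
```

Any path the scan prints is a copy that the emerge upgrade did not touch; it has to be fixed by the application's own update (rebuilding against >= 3.2.2) rather than by Portage.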