Lucene search

K
gentooGentoo FoundationGLSA-202107-37
HistoryJul 16, 2021 - 12:00 a.m.

Apache Commons Collections: Remote code execution

2021-07-1600:00:00
Gentoo Foundation
security.gentoo.org
90

0.026 Low

EPSS

Percentile

90.3%

Background

Apache Commons Collections extends the JCF classes with new interfaces, implementations and utilities.

Description

Some classes in the Apache Commons Collections functor package deserialized potentially untrusted input by default.

Impact

Deserializing untrusted input using Apache Commons Collections could result in remote code execution.

Workaround

There is no known workaround at this time.

Resolution

All Apache Commons Collections users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose
 ">=dev-java/commons-collections-3.2.2"
OSVersionArchitecturePackageVersionFilename
Gentooanyalldev-java/commons-collections< 3.2.2UNKNOWN

0.026 Low

EPSS

Percentile

90.3%