OSV:GHSA-FJQ5-5J5F-MVXH
May 13, 2022 - 1:25 a.m.

Deserialization of Untrusted Data in Apache commons collections

2022-05-13 01:25:20
Google
osv.dev
Tags: apache, commons-collections, deserialization, code execution, remote attacker, arbitrary code, application permissions

EPSS: 0.018
Percentile: 88.4%

It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.