GHSA-6hgm-866r-3cjv
Suggest an improvement- Source
- https://github.com/advisories/GHSA-6hgm-866r-3cjv
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/06/GHSA-6hgm-866r-3cjv/GHSA-6hgm-866r-3cjv.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-6hgm-866r-3cjv
- Aliases
-
- CVE-2015-6420
- Published
- 2020-06-15T20:36:20Z
- Modified
- 2024-11-28T05:40:45.267146Z
- Summary
- Insecure Deserialization in Apache Commons Collection
- Details
-
Serialized-object interfaces in Java applications using the Apache Commons Collections (ACC) library may allow remote attackers to execute arbitrary commands via a crafted serialized Java object.
- Database specific
{ "github_reviewed": true, "severity": "HIGH", "nvd_published_at": "2015-12-15T05:59:00Z", "github_reviewed_at": "2020-06-11T15:58:44Z", "cwe_ids": [ "CWE-502" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2015-6420
- https://arxiv.org/pdf/2306.05534
- https://github.com/apache/commons-collections
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
- https://lists.apache.org/thread.html/r352e40ca9874d1beb4ad95403792adca7eb295e6bc3bd7b65fabcc21@%3Ccommits.samza.apache.org%3E
- https://www.kb.cert.org/vuls/id/581311
- https://www.tenable.com/security/research/tra-2017-14
- https://www.tenable.com/security/research/tra-2017-23
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-java-deserialization
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.securityfocus.com/bid/78872
Affected packages
Maven
org.apache.commons:commons-collections4
Package
- Name
- org.apache.commons:commons-collections4
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.commons/commons-collections4
commons-collections:commons-collections
Package
- Name
- commons-collections:commons-collections
- View open source insights on deps.dev
- Purl
- pkg:maven/commons-collections/commons-collections
net.sourceforge.collections:collections-generic
Package
- Name
- net.sourceforge.collections:collections-generic
- View open source insights on deps.dev
- Purl
- pkg:maven/net.sourceforge.collections/collections-generic
org.apache.servicemix.bundles:org.apache.servicemix.bundles.collections-generic
Package
- Name
- org.apache.servicemix.bundles:org.apache.servicemix.bundles.collections-generic
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.servicemix.bundles/org.apache.servicemix.bundles.collections-generic
org.apache.servicemix.bundles:org.apache.servicemix.bundles.commons-collections
Package
- Name
- org.apache.servicemix.bundles:org.apache.servicemix.bundles.commons-collections
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.servicemix.bundles/org.apache.servicemix.bundles.commons-collections