org.apache.commons:commons-collections4@4.0 vulnerabilities
-
latest version
4.5.0-M1
-
latest non vulnerable version
-
first published
10 years ago
-
latest version published
a month ago
-
licenses detected
- [4.0,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.apache.commons:commons-collections4 package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
org.apache.commons:commons-collections4 is an Apache Commons Collections package contains types that extend and augment the Java Collections Framework. Affected versions of this package are vulnerable to Deserialization of Untrusted Data. It is possible to execute arbitrary Java code with the NOTE: This vulnerability has also been identified as: CVE-2015-4852 How to fix Deserialization of Untrusted Data? Upgrade |
[4.0,4.1)
|
org.apache.commons:commons-collections4 is an Apache Commons Collections package contains types that extend and augment the Java Collections Framework. Affected versions of this package are vulnerable to Deserialization of Untrusted Data. It is possible to execute arbitrary Java code with the NOTE: This vulnerability has also been identified as: CVE-2015-7501 How to fix Deserialization of Untrusted Data? Upgrade |
[4.0,4.1)
|