[jbosstools-issues] [JBoss JIRA] (JBDS-3560) Arbitrary remote code execution with InvokerTransformer (COLLECTIONS-580)
[
https://issues.jboss.org/browse/JBDS-3560?page=com.atlassian.jira.plugin....
]
Nick Boldt commented on JBDS-3560:
----------------------------------
Applied in both 4.50.x and 4.51.x, and the 4.60.x branches.
Building 3 target platforms :
4.50.1.CR1-SNAPSHOT
4.51.1.CR1-SNAPSHOT
4.60.0.Alpha1-SNAPSHOT
https://jenkins.mw.lab.eng.bos.redhat.com/hudson/job/jbosstoolstargetplat...
>=472
Arbitrary remote code execution with InvokerTransformer
(COLLECTIONS-580)
-------------------------------------------------------------------------
Key: JBDS-3560
URL: https://issues.jboss.org/browse/JBDS-3560
Project: Developer Studio (JBoss Developer Studio)
Issue Type: Bug
Components: upstream
Affects Versions: 8.1.0.GA, 9.0.0.GA, 10.0.0.Alpha1
Reporter: Nick Boldt
Assignee: Max Rydahl Andersen
Fix For: 9.1.0.Beta1, 10.0.0.Alpha1
Attachments: apache-commons-collections-in-JBDS7,8,9,10.png,
apache-commons-collections-in-JBDS7,8,9,10_refs1.png,
apache-commons-collections-in-JBDS7,8,9,10_refs10.png,
apache-commons-collections-in-JBDS7,8,9,10_refs7.png,
apache-commons-collections-in-JBDS7,8,9,10_refs8-IS-fuse.png,
apache-commons-collections-in-JBDS7,8,9,10_refs8.png,
apache-commons-collections-in-JBDS7,8,9,10_refs9.png,
orbit.R20150519210750_vs_I20151117200049.log.txt,
orbit.R20150519210750_vs_I20151117200049.log_onlyLatest.txt
This is a container issue to wrap & track
https://issues.apache.org/jira/browse/COLLECTIONS-580
Problem is that JBDS 9 (and probably 8 and 10 too) include
org.apache.commons.collections 3.2.0.v2013030210310, which is affected by COLLECTIONS-580
- Arbitrary remote code execution with InvokerTransformer
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)