[jbosstools-issues] [JBoss JIRA] (JBDS-3560) Arbitrary remote code execution with InvokerTransformer (COLLECTIONS-580)

Arbitrary remote code execution with InvokerTransformer (COLLECTIONS-580) ------------------------------------------------------------------------- Key: JBDS-3560 URL: https://issues.jboss.org/browse/JBDS-3560 Project: Developer Studio (JBoss Developer Studio) Issue Type: Bug Components: upstream Affects Versions: 8.1.0.GA, 9.0.0.GA, 10.0.0.Alpha1 Reporter: Nick Boldt Assignee: Nick Boldt Fix For: 9.1.0.CR1, 10.0.0.Alpha1 Attachments: apache-commons-collections-in-JBDS7,8,9,10.png, apache-commons-collections-in-JBDS7,8,9,10_refs1.png, apache-commons-collections-in-JBDS7,8,9,10_refs10.png, apache-commons-collections-in-JBDS7,8,9,10_refs7.png, apache-commons-collections-in-JBDS7,8,9,10_refs8-IS-fuse.png, apache-commons-collections-in-JBDS7,8,9,10_refs8.png, apache-commons-collections-in-JBDS7,8,9,10_refs9.png, orbit.R20150519210750_vs_I20151117200049.log.txt, orbit.R20150519210750_vs_I20151117200049.log_onlyLatest.txt This is a container issue to wrap & track https://issues.apache.org/jira/browse/COLLECTIONS-580 Problem is that JBDS 9 (and probably 8 and 10 too) include org.apache.commons.collections 3.2.0.v2013030210310, which is affected by COLLECTIONS-580 - Arbitrary remote code execution with InvokerTransformer