[JBoss JIRA] (JBDS-3560) Arbitrary remote code execution with InvokerTransformer (COLLECTIONS-580)

Friday, 18 December 2015

    [
https://issues.jboss.org/browse/JBDS-3560?page=com.atlassian.jira.plugin....
] 

Rob Stryker commented on JBDS-3560:
-----------------------------------

[~akazakov]  Should this be 9.1.0.Beta2?  Currently targeted 9.0.0.Beta2

...
 Arbitrary remote code execution with InvokerTransformer
(COLLECTIONS-580)
 -------------------------------------------------------------------------

                 Key: JBDS-3560
                 URL: https://issues.jboss.org/browse/JBDS-3560
             Project: Developer Studio (JBoss Developer Studio)
          Issue Type: Bug
          Components: upstream
    Affects Versions: 8.1.0.GA, 9.0.0.GA, 10.0.0.Alpha1
            Reporter: Nick Boldt
            Assignee: Nick Boldt
             Fix For: 9.0.0.Beta2, 10.0.0.Alpha1

         Attachments: apache-commons-collections-in-JBDS7,8,9,10.png,
apache-commons-collections-in-JBDS7,8,9,10_refs1.png,
apache-commons-collections-in-JBDS7,8,9,10_refs10.png,
apache-commons-collections-in-JBDS7,8,9,10_refs7.png,
apache-commons-collections-in-JBDS7,8,9,10_refs8-IS-fuse.png,
apache-commons-collections-in-JBDS7,8,9,10_refs8.png,
apache-commons-collections-in-JBDS7,8,9,10_refs9.png,
orbit.R20150519210750_vs_I20151117200049.log.txt,
orbit.R20150519210750_vs_I20151117200049.log_onlyLatest.txt

 This is a container issue to wrap & track
https://issues.apache.org/jira/browse/COLLECTIONS-580
 Problem is that JBDS 9 (and probably 8 and 10 too) include
org.apache.commons.collections	3.2.0.v2013030210310, which is affected by COLLECTIONS-580
- Arbitrary remote code execution with InvokerTransformer 

--
This message was sent by Atlassian JIRA
(v6.4.11#64026)

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006