[jbosstools-issues] [JBoss JIRA] (JBDS-3560) Arbitrary remote code execution with InvokerTransformer (COLLECTIONS-580)
Alexey Kazakov (JIRA)
issues at jboss.org
Mon Nov 16 19:51:00 EST 2015
[ https://issues.jboss.org/browse/JBDS-3560?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13129488#comment-13129488 ]
Alexey Kazakov commented on JBDS-3560:
--------------------------------------
This issue should be reported to Eclipse bugzilla as well. org.apache.commons.collections plugin should be updated upstream in Eclipse as soon as apache fix the problem. Then we should update it in JBDS/JBT target platform.
> Arbitrary remote code execution with InvokerTransformer (COLLECTIONS-580)
> -------------------------------------------------------------------------
>
> Key: JBDS-3560
> URL: https://issues.jboss.org/browse/JBDS-3560
> Project: Developer Studio (JBoss Developer Studio)
> Issue Type: Bug
> Components: upstream
> Affects Versions: 8.1.0.GA, 9.0.0.GA, 10.0.0.Alpha1
> Reporter: Nick Boldt
> Assignee: Max Rydahl Andersen
> Attachments: apache-commons-collections-in-JBDS7,8,9,10.png, apache-commons-collections-in-JBDS7,8,9,10_refs1.png, apache-commons-collections-in-JBDS7,8,9,10_refs10.png, apache-commons-collections-in-JBDS7,8,9,10_refs7.png, apache-commons-collections-in-JBDS7,8,9,10_refs8-IS-fuse.png, apache-commons-collections-in-JBDS7,8,9,10_refs8.png, apache-commons-collections-in-JBDS7,8,9,10_refs9.png
>
>
> This is a container issue to wrap & track https://issues.apache.org/jira/browse/COLLECTIONS-580
> Problem is that JBDS 9 (and probably 8 and 10 too) include org.apache.commons.collections 3.2.0.v2013030210310, which is affected by COLLECTIONS-580 - Arbitrary remote code execution with InvokerTransformer
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the jbosstools-issues
mailing list