[jbosstools-issues] [JBoss JIRA] (JBDS-3560) Arbitrary remote code execution with InvokerTransformer (COLLECTIONS-580)

Nick Boldt (JIRA) issues at jboss.org
Wed Nov 18 14:36:00 EST 2015


    [ https://issues.jboss.org/browse/JBDS-3560?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13130475#comment-13130475 ] 

Nick Boldt commented on JBDS-3560:
----------------------------------

Here's the new jar: http://download.eclipse.org/tools/orbit/downloads/drops/I20151117200049/repository/plugins/org.apache.commons.collections_3.2.2.v201511171945.jar
and the old one: http://download.jboss.org/jbosstools/updates/requirements/orbit/R20150519210750/plugins/org.apache.commons.collections_3.2.0.v2013030210310.jar
or their sources:
http://download.jboss.org/jbosstools/updates/requirements/orbit/R20150519210750/plugins/org.apache.commons.collections.source_3.2.0.v2013030210310.jar
http://download.eclipse.org/tools/orbit/downloads/drops/I20151117200049/repository/plugins/org.apache.commons.collections.source_3.2.2.v201511171945.jar

New Orbit mirror:

http://download.jboss.org/jbosstools/updates/requirements/orbit/I20151117200049



> Arbitrary remote code execution with InvokerTransformer (COLLECTIONS-580)
> -------------------------------------------------------------------------
>
>                 Key: JBDS-3560
>                 URL: https://issues.jboss.org/browse/JBDS-3560
>             Project: Developer Studio (JBoss Developer Studio)
>          Issue Type: Bug
>          Components: upstream
>    Affects Versions: 8.1.0.GA, 9.0.0.GA, 10.0.0.Alpha1
>            Reporter: Nick Boldt
>            Assignee: Max Rydahl Andersen
>             Fix For: 9.1.0.Beta1, 10.0.0.Alpha1
>
>         Attachments: apache-commons-collections-in-JBDS7,8,9,10.png, apache-commons-collections-in-JBDS7,8,9,10_refs1.png, apache-commons-collections-in-JBDS7,8,9,10_refs10.png, apache-commons-collections-in-JBDS7,8,9,10_refs7.png, apache-commons-collections-in-JBDS7,8,9,10_refs8-IS-fuse.png, apache-commons-collections-in-JBDS7,8,9,10_refs8.png, apache-commons-collections-in-JBDS7,8,9,10_refs9.png
>
>
> This is a container issue to wrap & track https://issues.apache.org/jira/browse/COLLECTIONS-580
> Problem is that JBDS 9 (and probably 8 and 10 too) include org.apache.commons.collections 3.2.0.v2013030210310, which is affected by COLLECTIONS-580 - Arbitrary remote code execution with InvokerTransformer



--
This message was sent by Atlassian JIRA
(v6.4.11#64026)

