[jbosstools-issues] [JBoss JIRA] (JBDS-3560) Arbitrary remote code execution with InvokerTransformer (COLLECTIONS-580)

Mickael Istria (JIRA) issues at jboss.org
Thu Nov 19 09:20:01 EST 2015


    [ https://issues.jboss.org/browse/JBDS-3560?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13130831#comment-13130831 ] 

Mickael Istria commented on JBDS-3560:
--------------------------------------

The only feature in our TP that requires and provides org.apache.commons.collections is org.eclipse.jpt.jpa.feature. It is strictly tied to version 3.2.0.
JBDS includes this feature, so it transitively requires the 3.2.0 version of org.apache.commons.collections. I guess there is not much we can do before Mars.2.

> Arbitrary remote code execution with InvokerTransformer (COLLECTIONS-580)
> -------------------------------------------------------------------------
>
>                 Key: JBDS-3560
>                 URL: https://issues.jboss.org/browse/JBDS-3560
>             Project: Developer Studio (JBoss Developer Studio)
>          Issue Type: Bug
>          Components: upstream
>    Affects Versions: 8.1.0.GA, 9.0.0.GA, 10.0.0.Alpha1
>            Reporter: Nick Boldt
>            Assignee: Max Rydahl Andersen
>             Fix For: 9.1.0.Beta1, 10.0.0.Alpha1
>
>         Attachments: apache-commons-collections-in-JBDS7,8,9,10.png, apache-commons-collections-in-JBDS7,8,9,10_refs1.png, apache-commons-collections-in-JBDS7,8,9,10_refs10.png, apache-commons-collections-in-JBDS7,8,9,10_refs7.png, apache-commons-collections-in-JBDS7,8,9,10_refs8-IS-fuse.png, apache-commons-collections-in-JBDS7,8,9,10_refs8.png, apache-commons-collections-in-JBDS7,8,9,10_refs9.png, orbit.R20150519210750_vs_I20151117200049.log.txt, orbit.R20150519210750_vs_I20151117200049.log_onlyLatest.txt
>
>
> This is a container issue to wrap & track https://issues.apache.org/jira/browse/COLLECTIONS-580
> Problem is that JBDS 9 (and probably 8 and 10 too) include org.apache.commons.collections 3.2.0.v2013030210310, which is affected by COLLECTIONS-580 - Arbitrary remote code execution with InvokerTransformer


