[jbosstools-issues] [JBoss JIRA] (JBDS-3560) Arbitrary remote code execution with InvokerTransformer (COLLECTIONS-580)
Martin Malina (JIRA)
issues at jboss.org
Thu Feb 25 06:07:02 EST 2016
[ https://issues.jboss.org/browse/JBDS-3560?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Martin Malina closed JBDS-3560.
-------------------------------
I checked once again that the updated 3.2.2 version of the jar is included in all of the relevant TPs:
http://download.jboss.org/jbosstools/targetplatforms/jbosstoolstarget/4.60.0.Alpha1-SNAPSHOT/REPO/plugins/
http://download.jboss.org/jbosstools/targetplatforms/jbosstoolstarget/4.52.0.CR1-SNAPSHOT/REPO/plugins/
http://download.jboss.org/jbosstools/targetplatforms/jbosstoolstarget/4.50.2.CR1-SNAPSHOT/REPO/plugins/
Also, I checked that in JBDS 9.1.0.CR1 B354 the correct version is included.
Closing.
> Arbitrary remote code execution with InvokerTransformer (COLLECTIONS-580)
> -------------------------------------------------------------------------
>
> Key: JBDS-3560
> URL: https://issues.jboss.org/browse/JBDS-3560
> Project: Developer Studio (JBoss Developer Studio)
> Issue Type: Bug
> Components: upstream
> Affects Versions: 8.1.0.GA, 9.0.0.GA, 10.0.0.Alpha1
> Reporter: Nick Boldt
> Assignee: Nick Boldt
> Fix For: 9.1.0.CR1, 10.0.0.Alpha1
>
> Attachments: apache-commons-collections-in-JBDS7,8,9,10.png, apache-commons-collections-in-JBDS7,8,9,10_refs1.png, apache-commons-collections-in-JBDS7,8,9,10_refs10.png, apache-commons-collections-in-JBDS7,8,9,10_refs7.png, apache-commons-collections-in-JBDS7,8,9,10_refs8-IS-fuse.png, apache-commons-collections-in-JBDS7,8,9,10_refs8.png, apache-commons-collections-in-JBDS7,8,9,10_refs9.png, orbit.R20150519210750_vs_I20151117200049.log.txt, orbit.R20150519210750_vs_I20151117200049.log_onlyLatest.txt
>
>
> This is a container issue to wrap & track https://issues.apache.org/jira/browse/COLLECTIONS-580
> Problem is that JBDS 9 (and probably 8 and 10 too) include org.apache.commons.collections 3.2.0.v2013030210310, which is affected by COLLECTIONS-580 - Arbitrary remote code execution with InvokerTransformer
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the jbosstools-issues
mailing list