Serialized-object interfaces in Java applications using the Apache Commons Collections (ACC) library may allow remote attackers to execute arbitrary commands via a crafted serialized Java object.
Deserialization of Untrusted Data
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
10