It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
Deserialization of Untrusted Data
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
3.9
CVE-2015-7501