CVE-2015-6420
ADVISORY - githubSummary
Serialized-object interfaces in Java applications using the Apache Commons Collections (ACC) library may allow remote attackers to execute arbitrary commands via a crafted serialized Java object.
EPSS Score: 0.0088 (0.828)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Deserialization of Untrusted Data
ADVISORY - github
Deserialization of Untrusted Data
ADVISORY - gitlab
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Deserialization of Untrusted Data
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
Sign in to Docker Scout
See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.
Sign in