Get a Demo

Let's Patch It!

Book a short call with one our specialists, we'll walk you through how Endor Patches work, and ask you a few questions about your environment (like your primary programming languages and repository management). We'll also send you an email right after you fill out the form, feel free to reply with any questions you have in advance!

Back to All

CVE

CVE-2015-7501

Deserialization of Untrusted Data in Apache commons collections

Description

It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.

Base CVSS

9.8

EPSS Score

72.94%

Introduced Version

Fix Available

3.2.2,4.1

Fix without Upgrading

Available Patches

Package

CVEs Fixed

Lines of Code Changed

Package Name

org.apache.commons:commons-collections4

References

https://sourceforge.net/p/collections/code/HEAD/tree

https://commons.apache.org/proper/commons-collections/release_4_1.html

https://access.redhat.com/solutions/2045023

https://issues.apache.org/jira/browse/COLLECTIONS-580.

https://nvd.nist.gov/vuln/detail/CVE-2015-7501

http://rhn.redhat.com/errata/RHSA-2016-1773.html

https://arxiv.org/pdf/2306.05534.pdf

https://github.com/apache/commons-collections

https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability

https://bugzilla.redhat.com/show_bug.cgi?id=1279330

https://access.redhat.com/security/vulnerabilities/2059393

https://github.com/jensdietrich/xshady-release/tree/main/CVE-2015-7501

AppSec for the Software Development Revolution

Endor Labs builds a complete graph of your software estate, so teams can pinpoint and fix critical risks in complex, dependency-rich code—whether it was written by humans or AI.

Welcome to the resistance

Oops! Something went wrong, please try again.