Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.apache.servicemix.bundles/org.apache.servicemix.bundles.commons-collections@3.2.1_1
purl pkg:maven/org.apache.servicemix.bundles/org.apache.servicemix.bundles.commons-collections@3.2.1_1
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.5
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-32uq-r1e7-3ub4
Aliases:
CVE-2015-7501
GHSA-fjq5-5j5f-mvxh
InvokerTransformer code execution during deserialization This package allows code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
3.2.2
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T21:49:55.472598+00:00 GitLab Importer Affected by VCID-32uq-r1e7-3ub4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.servicemix.bundles/org.apache.servicemix.bundles.commons-collections/CVE-2015-7501.yml 38.4.0
2026-04-11T23:05:57.093898+00:00 GitLab Importer Affected by VCID-32uq-r1e7-3ub4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.servicemix.bundles/org.apache.servicemix.bundles.commons-collections/CVE-2015-7501.yml 38.3.0
2026-04-02T23:14:11.669930+00:00 GitLab Importer Affected by VCID-32uq-r1e7-3ub4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.servicemix.bundles/org.apache.servicemix.bundles.commons-collections/CVE-2015-7501.yml 38.1.0
2026-04-01T17:34:12.183290+00:00 GitLab Importer Affected by VCID-32uq-r1e7-3ub4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.servicemix.bundles/org.apache.servicemix.bundles.commons-collections/CVE-2015-7501.yml 38.0.0