{"url":"http://public2.vulnerablecode.io/api/packages/62785?format=json","purl":"pkg:maven/net.sourceforge.collections/collections-generic@4.0.1","type":"maven","namespace":"net.sourceforge.collections","name":"collections-generic","version":"4.0.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39125?format=json","vulnerability_id":"VCID-d35k-bj2z-ayg9","summary":"InvokerTransformer code execution during deserialization\nThis package allows code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.","references":[{"reference_url":"http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/","reference_id":"","reference_type":"","scores":[],"url":"http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1773.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-1773.html"},{"reference_url":"https://access.redhat.com/security/vulnerabilities/2059393","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/security/vulnerabilities/2059393"},{"reference_url":"https://access.redhat.com/solutions/2045023","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/solutions/2045023"},{"reference_url":"https://arxiv.org/pdf/2306.05534.pdf","reference_id":"","reference_type":"","scores":[],"url":"https://arxiv.org/pdf/2306.05534.pdf"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1279330","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1279330"},{"reference_url":"https://commons.apache.org/proper/commons-collections/release_4_1.html","reference_id":"","reference_type":"","scores":[],"url":"https://commons.apache.org/proper/commons-collections/release_4_1.html"},{"reference_url":"https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/","reference_id":"","reference_type":"","scores":[],"url":"https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/"},{"reference_url":"https://issues.apache.org/jira/browse/COLLECTIONS-580.","reference_id":"","reference_type":"","scores":[],"url":"https://issues.apache.org/jira/browse/COLLECTIONS-580."},{"reference_url":"https://sourceforge.net/p/collections/code/HEAD/tree/","reference_id":"","reference_type":"","scores":[],"url":"https://sourceforge.net/p/collections/code/HEAD/tree/"},{"reference_url":"https://github.com/jensdietrich/xshady-release/tree/main/CVE-2015-7501","reference_id":"CVE-2015-7501","reference_type":"","scores":[],"url":"https://github.com/jensdietrich/xshady-release/tree/main/CVE-2015-7501"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7501","reference_id":"CVE-2015-7501","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7501"},{"reference_url":"https://github.com/advisories/GHSA-fjq5-5j5f-mvxh","reference_id":"GHSA-fjq5-5j5f-mvxh","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fjq5-5j5f-mvxh"}],"fixed_packages":[],"aliases":["CVE-2015-7501","GHSA-fjq5-5j5f-mvxh"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d35k-bj2z-ayg9"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/net.sourceforge.collections/collections-generic@4.0.1"}