Uploaded image for project: 'Red Hat CodeReady Studio (devstudio)'
  1. Red Hat CodeReady Studio (devstudio)
  2. JBDS-3560

Arbitrary remote code execution with InvokerTransformer (COLLECTIONS-580)

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 9.1.0.CR1, 10.0.0.Alpha1
    • 8.1.0.GA, 9.0.0.GA, 10.0.0.Alpha1
    • upstream
    • None

    Description

      This is a container issue to wrap & track https://issues.apache.org/jira/browse/COLLECTIONS-580

      Problem is that JBDS 9 (and probably 8 and 10 too) include org.apache.commons.collections 3.2.0.v2013030210310, which is affected by COLLECTIONS-580 - Arbitrary remote code execution with InvokerTransformer

      Attachments

        Issue Links

          relates to

          Bug - A problem that impairs or prevents the functions of the product. JBIDE-20976 Create and use Neon M4 target platform (was: Versions of 3rd party plugins in JBDS 10 are LESS than in JBDS 9)

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed

          Bug - A problem that impairs or prevents the functions of the product. JBIDE-21118 Update 4.60.x TP to m2e 1.7 (with fix for apache commons collections 3.2.2 / COLLECTIONS-580 / JBDS-3560)

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Bug - A problem that impairs or prevents the functions of the product. JBIDE-21119 Update 4.5y.x TP to m2e 1.6.x (with fix for apache commons collections 3.2.2 / COLLECTIONS-580 / JBDS-3560)

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Story - Used to indicate the smallest unit of work for a team to complete and is end user-facing. Created by Jira Software - do not edit or delete. DEVELOPER-1435 Add JBDS 9.0.0.GA-CVE-2015-7501 to https://www.jboss.org/products/devstudio/

          • Done

          Task - Represents a small unit of work that is not end-user facing. JBDS-3570 Include eap-6.4-CVE-2015-7501 into JBDS installer

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed
          links to

          Web Link dali exploit

          Web Link https://bugs.eclipse.org/bugs/show_bug.cgi?id=482130

          Activity

            People

              nickboldt Nick Boldt
              nickboldt Nick Boldt
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: