CVE-2007-6382 — Robocode Arbitrary Code Execution

Description

The Event Dispatch Thread in Robocode before 1.5.1 allows remote attackers to execute arbitrary Java code by using a robot to invoke the `SwingUtilities.invokeLater` method.

How to fix CVE-2007-6382

To remediate CVE-2007-6382, upgrade the affected package to a fixed version below.

Maven/net.sf.robocode:robocode.core—upgrade to 1.5.1 or later

Is CVE-2007-6382 being exploited?

Low — EPSS is 0.8%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 1.5.1

References (6)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2007-6382
PATCHgithub.com/robo-code/robocode
WEBexchange.xforce.ibmcloud.com/vulnerabilities/39019
WEBgithub.com/robo-code/robocode/blob/1abe65b65c34a8eb3d23de8f037dafae3c548fa5/versions.md?plain=1#L1880-L1887