CVE-2015-6420
Insecure Deserialization in Apache Commons Collections
EPSS 21.2%
Description
Serialized-object interfaces in Java applications using the Apache Commons Collections (ACC) library may allow remote attackers to execute arbitrary commands via a crafted serialized Java object.
How to fix CVE-2015-6420
To remediate CVE-2015-6420, upgrade the affected package to a fixed version below.
- Maven/commons-collections:commons-collections — upgrade to 3.2.2 or later
- Maven/net.sourceforge.collections:collections-generic — no fix listed
- Maven/org.apache.commons:commons-collections4 — upgrade to 4.1 or later
Is CVE-2015-6420 being exploited?
Moderate — EPSS is 21.2%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (5)
- from 0, < 3.2.2
- from 0, <= 4.0.1
- from 0, < 4.1
- from 0, <= 4.01
- from 0, <= 3.2.1