CVE-2015-6420: Insecure Deserialization in Apache Commons Collections
Basic Information
Field | Value |
---|---|
CVSS Score | 7.5 |
CVE ID | CVE-2015-6420 |
GHSA ID | |
EPSS Score | 0.93945% |
CWE | |
Published | 6/15/2020 |
Updated | 6/12/2023 |
KEV Status | No |
Technology | Java |
Technical Details
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
org.apache.commons:commons-collections4 | maven | < 4.1 | 4.1 |
commons-collections:commons-collections | maven | < 3.2.2 | 3.2.2 |
net.sourceforge.collections:collections-generic | maven | <= 4.0.1 | |
org.apache.servicemix.bundles:org.apache.servicemix.bundles.collections-generic | maven | <= 4.01 | |
org.apache.servicemix.bundles:org.apache.servicemix.bundles.commons-collections | maven | <= 3.2.1 | |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The InvokerTransformer.transform() method is identified as the vulnerable function because of its role in deserialization attacks against the Apache Commons Collections library. The method reflectively invokes an arbitrary, caller-chosen method on the object it is given, so when an untrusted serialized object graph containing an InvokerTransformer is deserialized, the attacker controls which method runs. That ability to invoke arbitrary methods is what makes it the critical vulnerability point.
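The practical mitigation on the application side, beyond upgrading to the first patched versions listed above, is to stop the functor classes from ever being deserialized. The following is an added example (not code from the advisory or from the Commons Collections project) of a JEP 290 `ObjectInputFilter` that rejects the `functors` packages of both the 3.x and 4.x artifacts and otherwise allow-lists only the application's expected types; the class name `SafeDeserializer` and the allow-listed types are assumptions for the demonstration. It requires Java 9 or later for `java.io.ObjectInputFilter`.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;

/**
 * Added example, not from the advisory: a deserialization filter that rejects
 * the Commons Collections functor classes (InvokerTransformer and friends)
 * before their readObject() runs, and allow-lists only the types this
 * hypothetical application actually expects.
 */
public final class SafeDeserializer {

    // Pattern syntax (java.io.ObjectInputFilter.Config.createFilter):
    //   "!pkg.**" rejects a package and its subpackages, a bare class name
    //   allows that class, "maxdepth"/"maxarray" bound graph size, and the
    //   trailing "!*" rejects everything not matched earlier.
    private static final ObjectInputFilter FILTER = ObjectInputFilter.Config.createFilter(
            "!org.apache.commons.collections.functors.**;"
          + "!org.apache.commons.collections4.functors.**;"
          + "java.util.ArrayList;java.lang.String;java.lang.Integer;java.lang.Number;"
          + "maxdepth=10;maxarray=1000;!*");

    public static Object deserialize(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            // The filter is consulted for every class in the stream before it is resolved,
            // so a rejected class never has its readObject() executed.
            in.setObjectInputFilter(FILTER);
            return in.readObject();
        }
    }

    public static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(o);
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: a benign list of strings passes the allow-list.
        List<String> benign = new ArrayList<>(List.of("a", "b"));
        System.out.println("accepted: " + deserialize(serialize(benign)));

        // Constructed sample input: any type outside the allow-list (here a HashMap,
        // standing in for an unexpected class) is rejected with InvalidClassException.
        try {
            deserialize(serialize(new HashMap<String, String>()));
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The deny rules for the `functors` packages are listed first so they win even if a later allow rule were broadened; the closing `!*` turns the filter into an allow-list, which is the posture to aim for whenever the set of expected types is known. The same filter string can be applied process-wide with the `jdk.serialFilter` system property instead of per stream. Separately, the patched releases in the table change the library's own behaviour: 3.2.2 refuses to deserialize these functors unless the system property `org.apache.commons.collections.enableUnsafeSerialization` is explicitly set to `true`, and 4.1 removes `Serializable` from them altogether.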