Apache Synapse uses a vulnerable version of commons-collections. This allows attackers to exploit the use of the vulnerable library to perform remote code execution (RCE) attacks.
CPE | Name | Operator | Version |
---|---|---|---|
apache synapse | le | 3.0.0 | |
apache synapse - core | le | 3.0.0 | |
apache synapse | le | 3.0.0 | |
apache synapse - core | le | 3.0.0 |
seclists.org/oss-sec/2017/q4/378
www.securityfocus.com/bid/102154
commons.apache.org/proper/commons-collections/security-reports.html
lists.apache.org/thread.html/77f2accf240d25d91b47033e2f8ebec84ffbc6e6627112b2f98b66c9@%3Cdev.synapse.apache.org%3E
lists.apache.org/thread.html/r0fb289cd38c915b9a13a3376134f96222dd9100f1ef66b41631865c6@%3Ccommits.doris.apache.org%3E
security.gentoo.org/glsa/202107-37
www.oracle.com/security-alerts/cpujan2020.html
www.oracle.com/security-alerts/cpujul2020.html