Skip to content

Commit

Permalink
Merge pull request #31 from jensdietrich/metadata-for-cve-2015-7501
Browse files Browse the repository at this point in the history 
Metadata for CVE-2015-7501
  • Loading branch information
@wtwhite
wtwhite committed Sep 28, 2023
2 parents 108632b + 25a9cc4 commit c48b4b2
Show file tree
Hide file tree
Showing 2 changed files with 26 additions and 1 deletion.
2 changes: 1 addition & 1 deletion CVE-2015-7501/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
The payload and test used is based on
[ysoserial](https://github.com/frohoff/ysoserial), `ysoserial.payloads.CommonsCollections5.java`.


Requires JDK 8. Succeeds (indicating vulnerability) at `3.2.1`; fails (indicating no vulnerability) at `3.2.2`.



Expand Down
25 changes: 25 additions & 0 deletions CVE-2015-7501/pov-project.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
{
"id": "CVE-2015-7501",
"artifact": "commons-collections:commons-collections",
"vulnerableVersions": [
"1.0",
"2.0",
"2.0.20020914.015953",
"2.0.20020914.020746",
"2.0.20020914.020858",
"2.1",
"2.1.1",
"3.0",
"3.0-dev2",
"3.1",
"3.2",
"3.2.1"
],
"fixVersion": "3.2.2",
"jdkVersion": "8",
"testSignalWhenVulnerable": "success",
"references": [
"https://nvd.nist.gov/vuln/detail/CVE-2015-7501",
"https://github.com/advisories/GHSA-fjq5-5j5f-mvxh"
]
}

0 comments on commit c48b4b2

Please sign in to comment.