From ce118c3af3c4c2e226e5a7a36623f42e06da176e Mon Sep 17 00:00:00 2001
From: Tim White <walton.timothy.james.white@gmail.com>
Date: Thu, 28 Sep 2023 13:55:41 +1300
Subject: [PATCH 1/4] Generated pov-project.json

---
 CVE-2015-7501/pov-project.json | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 CVE-2015-7501/pov-project.json

diff --git a/CVE-2015-7501/pov-project.json b/CVE-2015-7501/pov-project.json
new file mode 100644
index 0000000..462651e
--- /dev/null
+++ b/CVE-2015-7501/pov-project.json
@@ -0,0 +1,24 @@
+{
+  "id": "CVE-2015-7501",
+  "artifact": "commons-collections:commons-collections",
+  "vulnerableVersions": [
+    "1.0",
+    "2.0",
+    "2.0.20020914.015953",
+    "2.0.20020914.020746",
+    "2.0.20020914.020858",
+    "2.1",
+    "2.1.1",
+    "3.0",
+    "3.0-dev2",
+    "3.1",
+    "3.2",
+    "3.2.1"
+  ],
+  "fixVersion": null,
+  "testSignalWhenVulnerable": "success",
+  "references": [
+    "https://nvd.nist.gov/vuln/detail/CVE-2015-7501",
+    "https://github.com/advisories/GHSA-fjq5-5j5f-mvxh"
+  ]
+}

From f0b7058549b00db63998acee6052d00bbcbaba33 Mon Sep 17 00:00:00 2001
From: Tim White <walton.timothy.james.white@gmail.com>
Date: Thu, 28 Sep 2023 13:57:15 +1300
Subject: [PATCH 2/4] Add manually verified fixVersion

---
 CVE-2015-7501/pov-project.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CVE-2015-7501/pov-project.json b/CVE-2015-7501/pov-project.json
index 462651e..a4cf3e0 100644
--- a/CVE-2015-7501/pov-project.json
+++ b/CVE-2015-7501/pov-project.json
@@ -15,7 +15,7 @@
     "3.2",
     "3.2.1"
   ],
-  "fixVersion": null,
+  "fixVersion": "3.2.2",
   "testSignalWhenVulnerable": "success",
   "references": [
     "https://nvd.nist.gov/vuln/detail/CVE-2015-7501",

From a3c23a90de34df2acd8c69538261a263c0511127 Mon Sep 17 00:00:00 2001
From: Tim White <walton.timothy.james.white@gmail.com>
Date: Thu, 28 Sep 2023 13:57:49 +1300
Subject: [PATCH 3/4] Add jdkVersion for CVE-2015-7501

---
 CVE-2015-7501/pov-project.json | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CVE-2015-7501/pov-project.json b/CVE-2015-7501/pov-project.json
index a4cf3e0..b976682 100644
--- a/CVE-2015-7501/pov-project.json
+++ b/CVE-2015-7501/pov-project.json
@@ -16,6 +16,7 @@
     "3.2.1"
   ],
   "fixVersion": "3.2.2",
+  "jdkVersion": "8",
   "testSignalWhenVulnerable": "success",
   "references": [
     "https://nvd.nist.gov/vuln/detail/CVE-2015-7501",

From 25a9cc42618a014915a87d60e9c2060cc3926971 Mon Sep 17 00:00:00 2001
From: Tim White <walton.timothy.james.white@gmail.com>
Date: Thu, 28 Sep 2023 14:01:15 +1300
Subject: [PATCH 4/4] Update README

---
 CVE-2015-7501/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CVE-2015-7501/README.md b/CVE-2015-7501/README.md
index 1011251..2e5e8f2 100644
--- a/CVE-2015-7501/README.md
+++ b/CVE-2015-7501/README.md
@@ -3,7 +3,7 @@
 The payload and test used is based on 
 [ysoserial](https://github.com/frohoff/ysoserial), `ysoserial.payloads.CommonsCollections5.java`.
 
-
+Requires JDK 8. Succeeds (indicating vulnerability) at `3.2.1`; fails (indicating no vulnerability) at `3.2.2`.