Apache Commons Collections Java Library Vulnerability

US-CERT is aware of a deserialization vulnerability in the Apache Commons Collections (ACC) Java library. Java applications that either directly use ACC, or contain ACC in their classpath, may be vulnerable to arbitrary code execution.

US-CERT encourages users and administrators to review Vulnerability Note VU#576313 for more information and apply the necessary mitigations.

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts.

We recently updated our anonymous product survey; we'd welcome your feedback.