OSS Index
An open index of open source

 Welcome to the Maven Start Page

Posted by OSS-Index on May 18, 2016

Quick access to Maven auditing tools, search, and recent Maven activity on OSS Index.

 Recent news...


Maven package vulnerability: jython-standalone

Arbitrary Code Execution
Sun Jun 25 22:43:51 EDT 2017

> Affected versions of this package are vulnerable to Arbitrary Code Execution by sending a serialized function to the deserializer, which in turn will execute the code.
>
> – snyk.io




Maven package vulnerability: commons-collections

Arbitrary Code Execution during Deserialization
Wed Jun 21 21:11:02 EDT 2017

> It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
>
> – snyk.io




Maven package vulnerability: tika-bundle

Denial Of Service (DoS)
Wed Jun 21 21:10:45 EDT 2017

> Affected versions of the package are vulnerable to Denial Of Service (DoS).
>
> – snyk.io




Maven package vulnerability: commons-collections4

Arbitrary Code Execution during Deserialization
Wed Jun 21 21:05:38 EDT 2017

> org.apache.commons:commons-collections4
>
> It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
>
> – snyk.io




Maven package vulnerability: struts2-core

Manipulation of Struts' internals
Wed Jun 21 21:04:53 EDT 2017

> org.apache.struts:struts2-core
>
> ValueStack defines special top object which represents root of execution context. It can be used to manipulate Struts' internals or can be used to affect container's settings.
>
> – snyk.io