Java Apache Commons Collections deserialization vulnerability
Project address: Collections – Download Apache Commons Collections
Local reproduction environment:
- jdk 1.7.0_80
- IDEA Project Structure ——> Projrct is set to 1.7
- IDEA Project Structure --> Moudles is set to 1.7
- Settings——>Build,Execution,Deployment——>Compiler——>Java
Compiler——>Target bytecode version设置成7 - Apache Commons Collections ≤ 3.2.1
Introduction to Apache Commons Collections
Apache Commons Collections is a third-party basic library that extends the Collection structure of the Java standard library. It provides many powerful data structure types and implements various collection tool classes. As an important component of the Apache open source project, Commons Collections is widely used in the development of various Java applications
Commons Collection