Online Environmental Engineering tomcat lib which quoted commons-collections-3.2.1.jar, resulting in vulnerabilities produce, you need to download the commons-collections-3.2.2 to fix it.
Address official releas
http://commons.apache.org/proper/commons-collections/
Find the binary version
http://archive.apache.org/dist/commons/collections/binaries/
Download Note checksum hash value
reference:
https://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-32731/version_id-187982/Apache-Commons-Collections-3.2.1.html
https://www.cnblogs.com/mrhonest/p/10892254.html