Description
It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
Remediation
Upgrade to the latest version of JBoss.
Related Vulnerabilities
WordPress Plugin Zingiri Web Shop 'ajax_save_name.php' Remote Code Execution (2.2.3)
WordPress 6.1.x Shortcode Execution (6.1 - 6.1.2)
Movable Type 4.x unauthenticated remote command execution
Liferay version older than 7.1
WordPress Plugin PHP Everywhere Multiple Remote Code Execution Vulnerabilities (2.0.3)