Hi guys,
Recently, I've been researching a vulnerability in the Apache Commons Collections library, related to deserialization of data coming from 'untrusted sources'. First, it is confusing to me what 'untrusted' stands for. I wouldn't say it is about the security layer, because to me it is more about 'safety' than trust.
Anyway, the fact is that both gs-openspaces and hibernate core depend on this library, both as part of the XAP bundle.
So, my point is: although I don't use this vulnerable class directly in my code, should I worry about it? Under the hood, is XAP making use of it in any way that would make a processing unit insecure? Is there any report from GigaSpaces in this regard?
A link to contextualize the problem is here: www.kb.cert.org/vuls/id/576313