Apache Commons Collections Java Library Vulnerability

Original release date: November 13, 2015

US-CERT is aware of a deserialization vulnerability in the Apache Commons Collections (ACC) Java library. Java applications that either directly use ACC, or contain ACC in their classpath, may be vulnerable to arbitrary code execution.

US-CERT encourages users and administrators to review Vulnerability Note VU#576313 for more information and apply the necessary mitigations.


This product is provided subject to this Notification and this Privacy & Use policy.

Source: US-CERT