线上环境tomcat工程lib里面引用了commons-collections-3.2.1.jar,导致漏洞产生,需要下载commons-collections-3.2.2进行修复。
官方releas地址
http://commons.apache.org/proper/commons-collections/
找到二进制版本
http://archive.apache.org/dist/commons/collections/binaries/
下载注意校验哈希值
参考:
https://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-32731/version_id-187982/Apache-Commons-Collections-3.2.1.html
https://www.cnblogs.com/mrhonest/p/10892254.html