Google has revealed its emergency patching efforts to fix a widespread and “pernicious” software vulnerability that affected thousands of open source projects in 2015.
Referred to as “Mad Gadget” by Google (aka the Java “Apache Commons Collections Deserialization Vulnerability” CVE 2015-6420), the flaw was first highlighted by FoxGlove Security in November of that year, months after the first proof-of-concept code garnered almost zero attention.
