6 matches found

OSV
added 2022/05/13 1:25 a.m. · 5 views

GHSA-XPHJ-M9CC-8FMQ Deserialization of Untrusted Data in Groovy

When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible for an attacker to bake a special serialized...

CVSS 9.8 · AI score 7.3 · EPSS 0.17239
Exploits: 1 · References: 15

GithubExploit
added 2020/12/28 9:30 p.m. · 15 views

Exploit for Injection in Elastic Elasticsearch

CVE-2015-5377 Elasticsearch 1.5.2 is vulner...

CVSS 9.8 · AI score 7.3 · EPSS 0.14863
Exploits: 2

OSV
added 2018/01/18 6:29 p.m. · 5 views

UBUNTU-CVE-2016-6814

When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible for an attacker to bake a special serialized...

CVSS 9.8 · AI score 7.4 · EPSS 0.17239
Exploits: 1 · References: 4

OSV
added 2018/01/18 6:29 p.m. · 1 views

DEBIAN-CVE-2016-6814

When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible for an attacker to bake a special serialized...

CVSS 9.8 · AI score 9.2 · EPSS 0.17239
Exploits: 1 · References: 1

RedHat Linux
added 2017/02/14 4:41 p.m. · 2 views

Groovy: Remote code execution via deserialization

It was found that a flaw in the Apache Groovy library allows remote code execution wherever deserialization occurs in the application. It is possible for an attacker to craft a special serialized object that will execute code directly when deserialized. All applications which rely on serialization an...

CVSS 9.8 · AI score 8 · EPSS 0.17239
Exploits: 1 · References: 4

Positive Technologies
added 2015/07/20 12:0 a.m. · 4 views

PT-2015-6124 · Apache +2 · Apache Groovy +2

Name of the Vulnerable Software and Affected Versions: Apache Groovy versions 1.7.0 through 2.4.3

Description: The issue allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object. This is related to the deserialization of untrusted data in Apac...

CVSS 9.8 · AI score 9.8 · EPSS 0.44303
Exploits: 5 · References: 49