5 matches found
DEBIAN-CVE-2023-50572
An issue in the component GroovyEngine.execute of jline-groovy v3.24.1 allows attackers to cause an OOM (OutOfMemory) error...
Crafter CMS Access Control Error Vulnerability
An access control error vulnerability exists in Crafter CMS, an open source content management system (CMS) for digital experience applications. It stems from the system not validating Groovy scripts. An attacker with administrator or developer privileges could use the groovy lib to render...
Groovy: Remote code execution via deserialization
It was found that a flaw in the Apache Groovy library allows remote code execution wherever deserialization occurs in the application. It is possible for an attacker to craft a special serialized object that will execute code directly when deserialized. All applications which rely on serialization an...
Scientific Linux Security Update : groovy on SL7.x (noarch) (20170817)
Security Fixes: It was found that a flaw in the Apache Groovy library allows remote code execution wherever deserialization occurs in the application. It is possible for an attacker to craft a special serialized object that will execute code directly when deserialized. All applications which rely ...
Jenkins CI Server XStream Insecure Deserialization (CVE-2016-0792)
An insecure deserialization vulnerability has been reported in Jenkins CI Server. This vulnerability is due to the inclusion of the Groovy library in the classpath combined with the insecure deserialization employing the XStream library. A remote, unauthenticated attacker can exploit this...