19 matches found
K49233165: Apache Groovy vulnerability CVE-2015-3253
Security Advisory Description: The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object. (CVE-2015-3253) Impact: This vulnerability could allow a remote...
Improper Neutralization of Special Elements in Output Used by a Downstream Component in Apache Groovy
The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object...
GHSA-QG25-HGJV-CG9Q Improper Neutralization of Special Elements in Output Used by a Downstream Component in Apache Groovy
The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object...
Remote Code Execution Through Object Deserialization
The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object. Apache Groovy 2.4.4 is the first and only supported release under the Apache Software...
Apache Groovy MethodClosure Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apache Groovy. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on implementation. The specific flaw exists within the handling of...
Important: Red Hat Security Advisory: rh-maven33-groovy security update
An update for rh-maven33-groovy is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Remote Execution Through Object Deserialization
Apache Groovy is vulnerable to remote execution. The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.7 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object. Note this is similar to CVE-2015-3253 but this...
Groovy: Arbitrary code execution
Background: A multi-faceted language for the Java platform. Description: Groovy’s MethodClosure class, in runtime/MethodClosure.java, is vulnerable to a crafted serialized object. Impact: Remote attackers could potentially execute arbitrary code, or cause a Denial of Service condition. Workaround: A...
groovy: remote execution of untrusted code in class MethodClosure
A flaw was discovered in the way applications using Groovy used the standard Java serialization mechanism. A remote attacker could use a specially crafted serialized object that would execute code directly when deserialized. All applications which rely on serialization and do not isolate the code...
XStream Deserialization Vulnerability and Groovy (CVE-2015-3253) - a vulnerability warning - the black bar safety net
This sequence of issues seems to have been breaking out very frequently of late. Recently, friends have been asking me about the XStream deserialization vulnerability that broke out over the past two days. The company has been very busy recently, but with the weekend here I took the time to have a look. In fact, this time...
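Apache Groovy MethodClosure Remote Code Execution Vulnerability (CVE-2015-3253)
The problem appears to lie in the MethodClosure class; the class definition and its methods are shown in the figure below: The class is described as "Represents a method on an object using a closure which can be invoked at any time", which roughly means that a Closure instance is built for a specified object and a method to call, and that it can be invoked at any time. The method marked with the red line in the figure above is the function that triggers the constructed object and the specified method; let us follow it to see how it is ultimately executed. From the method's comment we can see that its purpose is to invoke the specified method of the specified object, so the two parameters of the MethodClosure constructor mean owne...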
CVE-2015-3253
The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object...
DEBIAN-CVE-2015-3253
The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object...
Information disclosure
The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object...
CVE-2015-3253
The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object...
UBUNTU-CVE-2015-3253
The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object...
CVE-2015-3253
CVE-2015-3253 affects Apache Groovy 1.7.0–2.4.3. The vulnerability resides in deserialization via crafted serialized objects in the MethodClosure.java runtime, enabling remote code execution or DoS. Exploitation was reported across multiple advisories; F5 and other vendors reference the same issu...
CVE-2015-3253
The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object...
CVE-2015-3253
The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object...