CVE-2016-6814
Description
When an application that has an unsupported Codehaus version of Groovy (1.7.0 to 2.4.3) or Apache Groovy 2.4.4 to 2.4.7 on its classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, an attacker could craft a special serialized object that executes code directly when it is deserialized. All applications that rely on Java serialization and do not isolate the code that deserializes objects were subject to this vulnerability.
Risk Information
Base Score: 9.8 (MODERATE)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 25.712
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2016-6814 are fixed in Groovy-groovy 2.4.8 | Windows |
| Vulnerabilities CVE-2016-6814 are fixed in Groovy-groovy-all 2.4.8 | Windows |
| (RHSA-2017:2486) Important: groovy security update groovy-1.8.9-8.el7_4.noarch.rpm | Linux |
| (RHSA-2017:2486) Important: groovy security update groovy-javadoc-1.8.9-8.el7_4.noarch.rpm | Linux |
| Groovy update (ELSA-2017-2486) groovy-1.8.9-8.el7_4.noarch.rpm | Linux |
| Groovy-javadoc update (ELSA-2017-2486) groovy-javadoc-1.8.9-8.el7_4.noarch.rpm | Linux |
| (CESA-2017:2486) Important: groovy security update groovy-1.8.9-8.el7_4.noarch.rpm | Linux |
| (CESA-2017:2486) Important: groovy security update groovy-javadoc-1.8.9-8.el7_4.noarch.rpm | Linux |
| Vulnerabilities CVE-2016-6814 are fixed in Groovy-groovy for Linux 2.4.8 | Linux |
| Vulnerabilities CVE-2016-6814 are fixed in Groovy-groovy-all for Linux 2.4.8 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2016-6814
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6814