CVE Daily – Apache Groovy (High+Critical) https://cvedaily.com/pages/tags/apache-groovy.html CVE Daily – Apache Groovy (High+Critical) en Wed, 03 Jun 2026 21:27:12 +0000 [Critical] CVE-2016-6814 – When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2... https://nvd.nist.gov/vuln/detail/CVE-2016-6814 https://nvd.nist.gov/vuln/detail/CVE-2016-6814 Thu, 18 Jan 2018 18:29:00 +0000 Critical CVE-2016-6814

When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible for an attacker to bake a special serialized object that will execute code directly when deserialized. All applications which rely on serialization an…

CVSS: 9.8 · CWE: CWE-502

View on NVD

]]> [Critical] CVE-2015-3253 – The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 thr... https://nvd.nist.gov/vuln/detail/CVE-2015-3253 https://nvd.nist.gov/vuln/detail/CVE-2015-3253 Thu, 13 Aug 2015 14:59:02 +0000 Critical CVE-2015-3253

The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object.

CVSS: 9.8 · CWE: CWE-74

View on NVD

]]>