CVE Daily
← All tags

Tag: Apache Groovy

All CVEs associated with "Apache Groovy". Page 1/1 • 3 CVEs.

About “Apache Groovy”

A curated feed of “Apache Groovy”-related CVEs appears below. We currently track 3 CVEs for this tag (all time). In the last 365 days, 0 were published. Average CVSS is 8.4 (all time), and 67% are rated High/Critical (all time). Top CWEs (all time): CWE-502 - Deserialization of Untrusted Data, CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection').

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

Support & lifecycle: apache-groovy

This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.

CycleReleaseLatestPremier SupportEOLLTS
5.05.0.6Unavailable-
4.04.0.32-
3.03.0.25-
2.52.5.23Unavailable Expired
2.42.4.21Unavailable- Expired

Maintained Soon (≤ 180 days) Expired

Subscribe lifecycle: RSS (expired)  ·  ICS

Subscribe CVEs: RSS for “Apache Groovy”  ·  RSS (High+Critical only)

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2020-12-07
Medium

CVE-2020-17521

Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method c…

CVSS: 5.5 CWE: N/A View on NVD
2018-01-18
Critical

CVE-2016-6814

When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate betwee…

CVSS: 9.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
2015-08-13
Critical

CVE-2015-3253

The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized obje…

CVSS: 9.8 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
CVE Daily Lookup — auto-links CVE IDs on any page you visit. GitHub, Jira, Confluence & more. Free.
Chrome Firefox