VDB

GCVE-110-MAGEIA-2015-296

GCVE-110-MAGEIA-2015-296
Advisory Published
Vulnetix · Advisory published July 30, 2015
When an application has Groovy on the classpath and that it uses standard Java serialization mechanim to communicate between servers, or to store local data, it is possible for an attacker to bake a special serialized object that will execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects are subject to this vulnerability (CVE-2015-3253).

Affected Products

VendorProductVersionsPlatforms
Mageiagroovy0 (affected), 1.8.7-3.1.mga4 (unaffected)
Mageiagroovy0 (affected), 1.8.9-5.1.mga5 (unaffected)

Browse GCVE Records

73,118 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›