VDB

GCVE-110-MAGEIA-2017-333

GCVE-110-MAGEIA-2017-333
Advisory Published
Vulnetix · Advisory published September 7, 2017
When an application has Groovy on the classpath and that it uses standard Java serialization mechanism to communicate between servers, or to store local data, it is possible for an attacker to bake a special serialized object that will execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects are subject to this vulnerability (CVE-2015-3253).

Affected Products

VendorProductVersionsPlatforms
Mageiagroovy180 (affected), 1.8.9-26.2.mga6 (unaffected)

Browse GCVE Records

73,040 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›