VDB

RHSA-2016%3A0066

RHSA-2016%3A0066 PUBLISHED CVSS 9.600000381469727 CRITICAL

A flaw was discovered in the way applications using Groovy used the standard Java serialization mechanism. A remote attacker could use a specially crafted serialized object that would execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects are subject to this vulnerability.

Risk Scores

CVSS 3.0
9.600000381469727
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersions
Red HatRed Hat JBoss Data Virtualization 6.2

Timeline

  • Jan 25, 2016 CVE Published
  • Apr 30, 2026 Distribution Patch
  • Apr 30, 2026 Distribution Patch
  • Apr 30, 2026 Security Advisory
  • Apr 30, 2026 Security Advisory
  • May 14, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›