VDB

GCVE-VVD-MAGEIA-2017-311

GCVE-VVD-MAGEIA-2017-311
Advisory Published
Vulnetix · Advisory published August 26, 2017
It was found that a flaw in Apache groovy library allows remote code execution wherever deserialization occurs in the application. It is possible for an attacker to craft a special serialized object that will execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects are subject to this vulnerability (CVE-2016-6814).
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageiagroovy180 (affected), 1.8.9-26.1.mga6 (unaffected)
Mageiagroovy0 (affected), 1.8.9-5.2.mga5 (unaffected)

Aliases

CVE-2016-6814

Transitive aliases

VVD-GENTOO-2017-605690GHSA-xphj-m9cc-8fmqEUVD-2022-5835

References

Updated groovy and groovy18 packages fix security vulnerability
advisory
Updated groovy and groovy18 packages fix security vulnerability
issue
Updated groovy and groovy18 packages fix security vulnerability
issue
Updated groovy and groovy18 packages fix security vulnerability
issue

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›