CVE-2015-3253
CRITICAL9.8EPSS 69.7%groovy - security update
Published: 5/13/2022Modified: 4/28/2026
Description
The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object.
Affected packages (4)
- Debian/groovyfrom 0, < 2.4.6-1
- Debian/groovyfrom 0, < 1.7.0-4+deb6u1
- Maven/org.codehaus.groovy:groovy>= 1.7.0, < 2.4.4
- Maven/org.codehaus.groovy:groovy-all>= 1.7.0, < 2.4.4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
References (22)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2015-3253
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-3253
- PATCHhttps://github.com/apache/groovy
- WEBhttp://groovy-lang.org/security.html
- WEBhttp://packetstormsecurity.com/files/132714/Apache-Groovy-2.4.3-Code-Execution.html
- WEBhttp://rhn.redhat.com/errata/RHSA-2016-0066.html
- WEBhttps://access.redhat.com/errata/RHSA-2016:1376
- WEBhttps://access.redhat.com/errata/RHSA-2017:2486
- WEBhttps://access.redhat.com/errata/RHSA-2017:2596
- WEBhttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755
- WEBhttps://lists.apache.org/thread.html/rbb8e16cc5acab183124572b655bdf5fe1d5b5f477dc267352426c7ed@%3Cnotifications.shardingsphere.apache.org%3E
- WEBhttps://security.gentoo.org/glsa/201610-01
- WEBhttps://security.netapp.com/advisory/ntap-20160623-0001
- WEBhttps://www.oracle.com/security-alerts/cpuapr2020.html
- WEBhttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- WEBhttp://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
- WEBhttp://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- WEBhttp://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- WEBhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- WEBhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- WEBhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- WEBhttp://www.zerodayinitiative.com/advisories/ZDI-15-365