UBUNTU-CVE-2016-6814

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2016-6814

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-6814.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2016-6814

Related

Published

2018-01-18T18:29:00Z

Modified

2024-10-15T14:05:53Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible for an attacker to bake a special serialized object that will execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects were subject to this vulnerability.

References

Affected packages

Ubuntu:Pro:16.04:LTS / groovy

Package

Name: groovy
Purl: pkg:deb/ubuntu/groovy?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.0.0~beta2+isreally1.8.6-4ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:16.04:LTS / groovy2

Package

Name: groovy2
Purl: pkg:deb/ubuntu/groovy2?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.5-1ubuntu0.1~esm1

Affected versions

2.*

2.4.3+dfsg-2ubuntu1

2.4.3+dfsg-3

2.4.5-1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "2.4.5-1ubuntu0.1~esm1",
            "binary_name": "groovy2"
        },
        {
            "binary_version": "2.4.5-1ubuntu0.1~esm1",
            "binary_name": "groovy2-doc"
        }
    ]
}