finos
CVE-2015-3253 (Critical) detected in groovy-all-2.3.9.jar
CVE-2015-3253 - Critical Severity Vulnerability
Vulnerable Library - groovy-all-2.3.9.jar
Groovy: A powerful, dynamic language for the JVM
Path to dependency file: /docs/build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.groovy/groovy-all/2.3.9/eef909854b840bed787b3d9fc762b6fa20059e33/groovy-all-2.3.9.jar
Dependency Hierarchy:
- asciidoctorj-groovy-dsl-1.0.0.Alpha2.pom (Root Library)
- :x: groovy-all-2.3.9.jar (Vulnerable Library)
Found in HEAD commit: 8d1e24260d1985acc52e5d1710bcc43fcf3848ca
Found in base branch: master
Vulnerability Details
The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object.
Publish Date: 2015-08-13
URL: CVE-2015-3253
CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: http://groovy-lang.org/security.html
Release Date: 2015-08-13
Fix Resolution (org.codehaus.groovy:groovy-all): 2.4.4
Direct dependency fix Resolution (org.asciidoctor:asciidoctorj-groovy-dsl): 2.0.1
- [ ] Check this box to open an automated fix PR
![mend-for-github-com[bot] avatar](https://avatars.githubusercontent.com/in/30796?v=4 "Published by a pub.dev verified publisher"){kind=small}