PT-2017-9026 · Apache · Apache Groovy

Published 2017-08-17 · Updated 2022-05-13 · CVE-2016-6814

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Apache Groovy versions 1.7.0 through 2.4.3
Apache Groovy versions 2.4.4 through 2.4.7

Description
When an application that has a vulnerable Apache Groovy on its classpath uses standard Java serialization mechanisms, for example to communicate between servers or to store local data, an attacker who can supply serialized input can craft an object that executes code as soon as it is deserialized. Any application that relies on Java serialization and does not isolate the code that deserializes objects is exposed: the attacker only needs to reach an unrestricted ObjectInputStream.readObject() call, and the application need not use Groovy itself for the payload to fire.

Recommendations
Upgrade to Apache Groovy 2.4.8 or later, where this issue is fixed. Where an immediate upgrade is not possible (this applies to both affected ranges, 1.7.0 through 2.4.3 and 2.4.4 through 2.4.7), isolate the code that deserializes objects so that untrusted data never reaches an unrestricted ObjectInputStream, and restrict or disable the use of standard Java serialization for data that crosses a trust boundary. Where serialization cannot be removed, deserialize behind an allowlisting filter (java.io.ObjectInputFilter, JEP 290) so that only the classes the application actually expects can be instantiated; a denylist of known gadget classes is fragile, since bypasses of such class-level safeguards are exactly how this kind of issue recurs.
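As an added example (not code from this advisory or from the Apache Groovy project), the following Java program shows the exposure the description refers to, an unfiltered ObjectInputStream that will instantiate any Serializable class on the classpath, beside one way of isolating the deserialization path with a JEP 290 ObjectInputFilter allowlist. The Message class, the allowlist contents and the resource limits are assumptions made for illustration; the serialized HashMap stands in for an attacker-chosen class and is constructed here, it is not a real gadget payload.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

// Added example, not code from PT-2017-9026 or from Apache Groovy.
// Requires Java 9+ for java.io.ObjectInputFilter (JEP 290; on 8u121+ the
// same API is available as sun.misc.ObjectInputFilter).
public class DeserializationFilterDemo {

    // Hypothetical application message type: the only class the receiver
    // legitimately expects to read from the wire (an assumption of this example).
    static final class Message implements Serializable {
        private static final long serialVersionUID = 1L;
        final String sender;
        final String body;
        Message(String sender, String body) { this.sender = sender; this.body = body; }
    }

    // Classes the deserializer may instantiate. Anything else (a Groovy closure,
    // a collection wrapping a gadget, ...) is rejected before its class is
    // resolved and before any readObject()/readResolve() logic of it can run.
    static final Set<Class<?>> ALLOWED = Set.of(Message.class, String.class);

    // Vulnerable pattern: every Serializable class on the classpath is reachable
    // from the stream. With an affected Groovy on the classpath this is the
    // exposure the advisory describes, even if the application never calls Groovy.
    static Object readUnfiltered(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return in.readObject();
        }
    }

    // Hardened pattern: allowlisting filter plus resource limits.
    static Object readFiltered(byte[] data) throws IOException, ClassNotFoundException {
        ObjectInputFilter filter = info -> {
            // Graph-shape limits (assumed values): deep graphs, huge reference
            // counts, oversized streams and big arrays are deserialization DoS vectors.
            if (info.depth() > 8 || info.references() > 64
                    || info.streamBytes() > 64 * 1024 || info.arrayLength() > 1024) {
                return ObjectInputFilter.Status.REJECTED;
            }
            Class<?> c = info.serialClass();
            if (c == null) {
                // Invoked for limit updates without a class; nothing to decide here.
                return ObjectInputFilter.Status.UNDECIDED;
            }
            while (c.isArray()) {
                c = c.getComponentType();
            }
            if (c.isPrimitive() || ALLOWED.contains(c)) {
                return ObjectInputFilter.Status.ALLOWED;
            }
            return ObjectInputFilter.Status.REJECTED;
        };
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            in.setObjectInputFilter(filter); // must be installed before readObject()
            return in.readObject();
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(o);
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs: a legitimate message and an unexpected
        // object type standing in for an attacker-chosen class.
        byte[] legit = serialize(new Message("alice", "hello"));
        Map<String, String> unexpected = new HashMap<>();
        unexpected.put("k", "v");
        byte[] hostile = serialize(unexpected);

        System.out.println("unfiltered, legit:   " + ((Message) readUnfiltered(legit)).body);
        // The unfiltered reader happily instantiates whatever class the stream names.
        System.out.println("unfiltered, hostile: " + readUnfiltered(hostile).getClass().getName());
        System.out.println("filtered, legit:     " + ((Message) readFiltered(legit)).body);
        try {
            readFiltered(hostile);
        } catch (InvalidClassException e) {
            // ObjectInputStream reports a rejected class as InvalidClassException.
            System.out.println("filtered, hostile:   rejected (" + e.getMessage() + ")");
        }
    }
}
```

The filter is deliberately an allowlist keyed on the exact expected classes rather than a denylist of gadget classes: a denylist has to be updated every time a new gadget chain is found, and a filter that merely blocked one Groovy class would not have stopped a wrapped or re-packaged variant. Where a lambda is too much ceremony, the equivalent pattern-string form is ObjectInputFilter.Config.createFilter("...;!*") with the allowed class names listed before the final "!*" that rejects everything else.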

Fix

Fixed in Apache Groovy 2.4.8.

Weakness Enumeration

CWE-502: Deserialization of Untrusted Data

Related Identifiers

CESA-2017_2486
CVE-2016-6814
DLA-794-1
GHSA-XPHJ-M9CC-8FMQ
MGASA-2017-0311
RHSA-2017:2486
RHSA-2017:2596
USN-4795-1
ZDI-17-044

Affected Products

Apache Groovy
CentOS
Red Hat
Ubuntu