VYPR
Get started
← All advisories
Critical severity9.8NVD Advisory· Published Aug 13, 2015· Updated May 6, 2026

CVE-2015-3253

CVE-2015-3253

Description

The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.codehaus.groovy:groovyMaven
>= 1.7.0, < 2.4.42.4.4
org.codehaus.groovy:groovy-allMaven
>= 1.7.0, < 2.4.42.4.4

Affected products

120
  • Apache/Groovy103 versions
    cpe:2.3:a:apache:groovy:1.7.0:*:*:*:*:*:*:*+ 102 more
    • cpe:2.3:a:apache:groovy:1.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:1.7.0:beta_1:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:1.7.0:beta_2:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:1.7.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:1.7.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:1.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:1.7.10:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:1.7.11:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:1.7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:1.7.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:1.7.4:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:1.7.5:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:1.7.6:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:1.7.7:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:1.7.8:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:1.7.9:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:1.8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:1.8.0:beta_1:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:1.8.0:beta_2:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:1.8.0:beta_3:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:1.8.0:beta_4:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:1.8.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:1.8.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:1.8.0:rc3:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:1.8.0:rc4:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:1.8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:1.8.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:1.8.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:1.8.4:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:1.8.5:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:1.8.6:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:1.8.7:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:1.8.8:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:1.8.9:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:1.9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:1.9.0:beta_1:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:1.9.0:beta_3:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:1.9.0:beta_4:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.0.0:beta_1:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.0.0:beta_2:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.0.0:beta_3:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.0.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.0.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.0.0:rc3:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.0.0:rc4:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.1.0:beta_1:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.1.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.1.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.1.0:rc3:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.1.8:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.1.9:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.2.0:beta_1:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.2.0:beta_2:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.2.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.2.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.2.0:rc3:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.3.0:beta_1:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.3.0:beta_2:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.3.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.3.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.3.0:rc3:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.3.10:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.3.11:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.3.4:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.3.5:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.3.6:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.3.7:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.3.8:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.3.9:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.4.0:beta_1:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.4.0:beta_2:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.4.0:beta_3:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.4.0:beta_4:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.4.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.4.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:groovy:2.4.3:*:*:*:*:*:*:*
  • Oracle Corporation/Health Sciences Clinical Development Center2 versions
    cpe:2.3:a:oracle:health_sciences_clinical_development_center:3.1.1:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:oracle:health_sciences_clinical_development_center:3.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:health_sciences_clinical_development_center:3.1.2:*:*:*:*:*:*:*
  • Oracle Corporation/Retail Order Broker Cloud Service4 versions
    cpe:2.3:a:oracle:retail_order_broker_cloud_service:15.0:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:oracle:retail_order_broker_cloud_service:15.0:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:retail_order_broker_cloud_service:4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:retail_order_broker_cloud_service:5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:retail_order_broker_cloud_service:5.2:*:*:*:*:*:*:*
  • Oracle Corporation/Retail Service Backbone6 versions
    cpe:2.3:a:oracle:retail_service_backbone:13.0:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:a:oracle:retail_service_backbone:13.0:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:retail_service_backbone:13.1:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:retail_service_backbone:13.2:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:retail_service_backbone:14.0:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*
  • Oracle Corporation/Retail Store Inventory Management3 versions
    cpe:2.3:a:oracle:retail_store_inventory_management:13.2:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:oracle:retail_store_inventory_management:13.2:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:retail_store_inventory_management:14.0:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:retail_store_inventory_management:14.1:*:*:*:*:*:*:*
  • Oracle Corporation/Webcenter Sites2 versions
    cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:webcenter_sites:12.2.1:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

28

News mentions

0

No linked articles in our index yet.