Critical severity 9.8 · NVD Advisory · Published Jan 18, 2018 · Updated Jun 17, 2026
CVE-2016-6814
Description
When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, or Apache Groovy 2.4.4 to 2.4.7, on its classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible for an attacker to craft a special serialized object that executes code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects were subject to this vulnerability.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.codehaus.groovy:groovy (Maven) | >= 1.7.0, < 2.4.8 | 2.4.8 |
| org.codehaus.groovy:groovy-all (Maven) | >= 1.7.0, < 2.4.8 | 2.4.8 |
Affected products
- ghsa-coords (2 versions)
  - (no CPE) range: >= 1.7.0, < 2.4.8
  - (no CPE) range: >= 1.7.0, < 2.4.8
References (18)
- mail-archives.apache.org/mod_mbox/www-announce/201701.mbox/%3CCADRx3PMZ2hBCGDTY35zYXFGaDnjAs0tc5-upaVs6QN2sYUejyA%40mail.gmail.com%3E (nvd: Patch, Vendor Advisory, WEB)
- www.securityfocus.com/bid/95429 (nvd: Third Party Advisory, VDB Entry)
- www.securitytracker.com/id/1039600 (nvd: Third Party Advisory, VDB Entry)
- access.redhat.com/errata/RHSA-2017:2486 (nvd: Third Party Advisory, WEB)
- access.redhat.com/errata/RHSA-2017:2596 (nvd: Third Party Advisory, WEB)
- github.com/advisories/GHSA-xphj-m9cc-8fmq (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2016-6814 (ghsa: ADVISORY)
- rhn.redhat.com/errata/RHSA-2017-0272.html (nvd: Broken Link, WEB)
- www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html (nvd: WEB)
- www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html (nvd: WEB)
- www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html (nvd: WEB)
- access.redhat.com/errata/RHSA-2017:0868 (nvd: Broken Link, WEB)
- security.gentoo.org/glsa/202003-01 (nvd: WEB)
- www.oracle.com/security-alerts/cpujan2020.html (nvd: WEB)
- www.oracle.com/security-alerts/cpujul2020.html (nvd: WEB)
- www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html (nvd: WEB)
- www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html (nvd: WEB)
- www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html (nvd: WEB)