VYPR
Critical severity 9.8 · NVD Advisory · Published Jan 18, 2018 · Updated Jun 17, 2026

CVE-2016-6814

Description

When an application that has an unsupported Codehaus version of Groovy (1.7.0 to 2.4.3) or Apache Groovy 2.4.4 to 2.4.7 on its classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, an attacker could craft a special serialized object that executes code directly when deserialized. All applications that rely on serialization and do not isolate the code that deserializes objects were subject to this vulnerability.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| --- | --- | --- |
| org.codehaus.groovy:groovy (Maven) | >= 1.7.0, < 2.4.8 | 2.4.8 |
| org.codehaus.groovy:groovy-all (Maven) | >= 1.7.0, < 2.4.8 | 2.4.8 |
