VYPR

Maven package

org.codehaus.groovy/groovy-all

pkg:maven/org.codehaus.groovy/groovy-all

Vulnerabilities (3)

  • CVE-2020-17521Dec 7, 2020
    affected >= 2.0.0, < 2.4.21fixed 2.4.21

    Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Us

  • CVE-2016-6814CriJan 18, 2018
    affected >= 1.7.0, < 2.4.8fixed 2.4.8

    When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible for an attacker to bake a speci

  • CVE-2015-3253CriAug 13, 2015
    affected >= 1.7.0, < 2.4.4fixed 2.4.4

    The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object.