{"id":"MGASA-2017-0333","summary":"Updated groovy18 packages fix security vulnerability","details":"When an application has Groovy on the classpath and uses the\nstandard Java serialization mechanism to communicate between servers, or\nto store local data, it is possible for an attacker to craft a special\nserialized object that will execute code directly when deserialized. All\napplications which rely on serialization and do not isolate the code\nwhich deserializes objects are subject to this vulnerability\n(CVE-2015-3253).\n","modified":"2026-04-16T01:46:32.913908898Z","published":"2017-09-07T09:07:16Z","upstream":["CVE-2015-3253"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0333.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=21649"},{"type":"WEB","url":"http://groovy-lang.org/security.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/I2E3KU5UUQCI7TN3MCB6I6JI2EE7GR77/"}],"affected":[{"package":{"name":"groovy18","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/groovy18?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.8.9-26.2.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0333.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}