Search CVE reports
1 – 3 of 3 results
Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not...
2 affected packages
groovy2, groovy
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| groovy2 | Not in release | Not in release | Not in release | Not in release |
| groovy | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 1 of 4
When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local...
2 affected packages
groovy, groovy2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| groovy | Not affected | Not affected | Not affected | Not affected |
| groovy2 | Not in release | Not in release | Not in release | Not in release |
The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object.
2 affected packages
groovy, groovy2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| groovy | — | Not affected | Not affected | Not affected |
| groovy2 | — | Not in release | Not in release | Not in release |