plantuml-gradle-plugin icon indicating copy to clipboard operation
plantuml-gradle-plugin copied to clipboard

Published 20 hours ago verified publisher icon RoRoche

CVE-2015-3253 (High) detected in groovy-all-2.3.11.jar

Open mend-bolt-for-github[bot] opened this issue 5 years ago • 0 comments

CVE-2015-3253 - High Severity Vulnerability

Vulnerable Library - groovy-all-2.3.11.jar

Groovy: A powerful, dynamic language for the JVM

Path to dependency file: /tmp/ws-scm/plantuml-gradle-plugin/build.gradle

Path to vulnerable library: 20200501183523_KRRQZE/downloadResource_RDOLRG/20200501183546/groovy-all-2.3.11.jar,20200501183523_KRRQZE/downloadResource_RDOLRG/20200501183546/groovy-all-2.3.11.jar

Dependency Hierarchy:

  • :x: groovy-all-2.3.11.jar (Vulnerable Library)

Found in HEAD commit: 1a49428fa6344e8981dc4645f9da053df382c608

Vulnerability Details

The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object.

Publish Date: 2015-08-13

URL: CVE-2015-3253

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High
For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: http://groovy-lang.org/security.html

Release Date: 2015-08-13

Fix Resolution: org.codehaus.groovy:groovy:2.4.4,org.codehaus.groovy:groovy-all:2.4.4

Step up your Open Source Security Game with WhiteSource here

mend-bolt-for-github[bot] avatar May 01 '20 18:05 mend-bolt-for-github[bot]