CVE-2016-6199

Опубликовано: 07 фев. 2017

Источник: debian

EPSS Низкий

Описание

ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted serialized object.

Пакет	Статус	Версия исправления	Релиз	Тип
gradle	fixed	2.13-1		package
gradle	ignored		jessie	package

Starting from 2.13-1 it uses commons-collections:commons-collections:3.2.2
https://philwantsfish.github.io/security/java-deserialization-github
https://discuss.gradle.org/t/a-security-issue-about-gradle-rce/17726
ObjectSocketWrapper only used by Gradle UI, which was removed in current releases (4.x)

EPSS

Процентиль: 84%

0.02251

Низкий

CVE-2016-6199

CVSS3: 9.8

ubuntu

почти 9 лет назад

ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted serialized object.

CVE-2016-6199

CVSS3: 8.1

redhat

больше 9 лет назад

ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted serialized object.

CVE-2016-6199

CVSS3: 9.8

nvd

почти 9 лет назад

ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted serialized object.

GHSA-f65r-2xfr-g5gx

CVSS3: 9.8

github

больше 3 лет назад

ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted serialized object.

EPSS

Процентиль: 84%

0.02251

Низкий