CVE-2016-6199

CVE-2016-6199

EPSS 4.7%

ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted serialized object.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://discuss.gradle.org/t/a-security-issue-about-gradle-rce/17726 https://philwantsfish.github.io/security/java-deserialization-github