Candidate: CVE-2016-6199
PublicDate: 2017-02-07 15:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6199
 https://discuss.gradle.org/t/a-security-issue-about-gradle-rce/17726
 https://philwantsfish.github.io/security/java-deserialization-github
Description:
 ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted serialized object.
Ubuntu-Description:
Notes:
 pfsmorigo> GUI was deprecated after version 4.0
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_gradle:
 upstream: https://github.com/gradle/gradle/commit/b89b847866d2d
upstream_gradle: needs-triage
precise_gradle: ignored (reached end-of-life)
precise/esm_gradle: DNE (precise was needs-triage)
trusty_gradle: ignored (reached end-of-life)
trusty/esm_gradle: DNE (trusty was needed)
vivid/stable-phone-overlay_gradle: DNE
vivid/ubuntu-core_gradle: DNE
xenial_gradle: ignored (end of standard support, was needed)
yakkety_gradle: ignored (reached end-of-life)
zesty_gradle: not-affected (2.13-4)
artful_gradle: not-affected (2.13-4)
bionic_gradle: not-affected (2.13-4)
cosmic_gradle: not-affected (2.13-4)
disco_gradle: not-affected (2.13-4)
eoan_gradle: not-affected (2.13-4)
focal_gradle: not-affected (2.13-4)
groovy_gradle: not-affected (2.13-4)
hirsute_gradle: not-affected (2.13-4)
impish_gradle: not-affected (2.13-4)
jammy_gradle: not-affected (2.13-4)
devel_gradle: not-affected (2.13-4)