IBM Security Bulletin: Vulnerability in Apache Groovy that could affect IBM Development Package for Apache Spark (CVE-2015-3253)
Apache Groovy™ could allow a remote attacker to run arbitrary, untrusted code on the system.
CVE(s): CVE-2015-3253
Affected product(s) and affected version(s):
IBM® Development Package for Apache Spark™ v1.5.2.x, v1.6.0.x, and v1.6.1.x
These depend upon a version of Groovy, prior to Apache Groovy v2.4.4, that is affected by this vulnerability.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2amghe1
X-Force Database: http://ift.tt/2aJzyt0
from IBM Product Security Incident Response Team http://ift.tt/2amguO7