IBM Security Bulletin: Vulnerability in Apache Groovy that could affect IBM Development Package for Apache Spark (CVE-2015-3253)

Apache Groovy™ could allow a remote attacker to run arbitrary, untrusted code on the system.

CVE(s): CVE-2015-3253

Affected product(s) and affected version(s):

IBM® Development Package for Apache Spark™ v1.5.2.x, v1.6.0.x, and v1.6.1.x

These depend upon a version of Groovy, prior to Apache Groovy v2.4.4, that is affected by this vulnerability.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2amghe1
X-Force Database: http://ift.tt/2aJzyt0



from IBM Product Security Incident Response Team http://ift.tt/2amguO7