Security
Security
A vulnerability within serialization might allow remote attackers to execute arbitrary code.
| Package | dev-java/groovy on all architectures |
|---|---|
| Affected versions | <= 2.4.5 |
| Unaffected versions |
A multi-faceted language for the Java platform
It was discovered that there was a vulnerability within the Java serialization/deserialization process.
An attacker, by crafting a special serialized object, could execute arbitrary code.
There is no known workaround at this time.
Gentoo has discontinued support for Groovy. We recommend that users unmerge Groovy:
# emerge --unmerge "dev-java/groovy"
Release date
March 07, 2020
Latest revision
March 12, 2020: 3
Severity
normal
Exploitable
remote
Bugzilla entries