A vulnerability within serialization might allow remote attackers to execute arbitrary code.
|Package||dev-java/groovy on all architectures|
|Affected versions||<= 2.4.5|
A multi-faceted language for the Java platform
It was discovered that there was a vulnerability within the Java serialization/deserialization process.
An attacker, by crafting a special serialized object, could execute arbitrary code.
There is no known workaround at this time.
Gentoo has discontinued support for Groovy. We recommend that users unmerge Groovy:
# emerge --unmerge "dev-java/groovy"
March 07, 2020
March 12, 2020: 3