A multi-faceted language for the Java platform
Groovy’s MethodClosure class, in runtime/MethodClosure.java, is vulnerable to a crafted serialized object.
Remote attackers could potentially execute arbitrary code or cause a Denial of Service condition.
As a workaround, use a custom security policy file with the standard Java security manager, or do not rely on serialization to communicate remotely.
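Where an application cannot yet stop deserializing remote data, the stream can at least refuse the affected class before it is instantiated. The following is an added example, not part of the advisory or of Groovy's code: `GuardedObjectInputStream`, `StandIn` and `isRejected` are hypothetical names, and the fully qualified class name assumes Groovy's `org.codehaus.groovy.runtime` package.

```java
import java.io.*;
import java.util.Set;

// Added example: rejects listed classes while the stream is still being parsed.
public class GuardedObjectInputStream extends ObjectInputStream {
    // Class named in the advisory; the package prefix is Groovy's runtime package.
    static final String METHOD_CLOSURE = "org.codehaus.groovy.runtime.MethodClosure";
    private final Set<String> denied;

    public GuardedObjectInputStream(InputStream in, Set<String> denied) throws IOException {
        super(in);
        this.denied = denied;
    }

    @Override
    protected Class<?> resolveClass(ObjectStreamClass desc)
            throws IOException, ClassNotFoundException {
        // Runs for each class descriptor before any instance of that class is created.
        if (denied.contains(desc.getName())) {
            throw new InvalidClassException(desc.getName(), "blocked by deserialization guard");
        }
        return super.resolveClass(desc);
    }

    // Constructed stand-in so the demo runs without Groovy on the classpath.
    static class StandIn implements Serializable {
        private static final long serialVersionUID = 1L;
    }

    // Serializes obj, reads it back through the guard, reports whether it was refused.
    static boolean isRejected(Object obj, Set<String> denied) throws Exception {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(obj);
        }
        byte[] bytes = buf.toByteArray();
        try (ObjectInputStream in =
                 new GuardedObjectInputStream(new ByteArrayInputStream(bytes), denied)) {
            in.readObject();
            return false;
        } catch (InvalidClassException e) {
            return true;
        }
    }

    public static void main(String[] args) throws Exception {
        Set<String> denied = Set.of(METHOD_CLOSURE, StandIn.class.getName());
        System.out.println("Integer rejected: " + isRejected(Integer.valueOf(42), denied));
        System.out.println("StandIn rejected: " + isRejected(new StandIn(), denied));
    }
}
```

A deny list only covers the classes it names, so an allow list of the types the application actually expects is the stricter form of the same check.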
All Groovy users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/groovy-2.4.5"