Groovy: Arbitrary code execution

2020-03-07T00:00:00
ID GLSA-202003-01
Type gentoo
Reporter Gentoo Foundation
Modified 2020-03-12T00:00:00

Description

Background

Groovy is a multi-faceted language for the Java platform.

Description

It was discovered that there was a vulnerability within the Java serialization/deserialization process.

Impact

An attacker, by crafting a special serialized object, could execute arbitrary code.

Workaround

There is no known workaround at this time.

Resolution

Gentoo has discontinued support for Groovy. We recommend that users unmerge Groovy:

 # emerge --unmerge "dev-java/groovy"