groovy -- remote execution of untrusted code
Cédric Champeau reports:
When an application has Groovy on the classpath and that
it uses standard Java serialization mechanism to communicate
between servers, or to store local data, it is possible for
an attacker to bake a special serialized object that will
execute code directly when deserialized. All applications
which rely on serialization and do not isolate the code which
deserializes objects are subject to this vulnerability.
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright