Creation of Temporary File in Directory with Insecure Permissions
Groovy extension methods were using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts.
Advisories for Maven/Org.codehaus.groovy/Groovy-All package
2020
2015
Remote execution of untrusted code in class MethodClosure
The MethodClosure class in runtime/MethodClosure.java in this package allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object.