main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP API in Apache allows attackers to conduct LDAP entry poisoning attacks by leveraging setting returnObjFlag to true for all search methods.
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html