CVE-2016-6497 (groovy)
main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP API allows attackers to conduct LDAP entry poisoning attacks by leveraging setting returnObjFlag to true for all search methods.
Source: CVE-2016-6497 (groovy)