An issue exists in OpenRemote up to and including 1.0.4 allows malicious users to execute arbitrary code via a crafted Groovy rule.
openremote openremote