CVE-2022-35912

Remote Code Execution in maven/org.grails/grails-core

Identifiers

CVE-2022-35912, GHSA-6rh6-x8ww-9h97

Package Slug

maven/org.grails/grails-core

Vulnerability

Remote Code Execution

Description

In grails-databinding in Grails before 3.3.15, 4.x before 4.1.1, 5.x before 5.1.9, and 5.2.x before 5.2.1 (at least when certain Java 8 configurations are used), data binding allows a remote attacker to execute code by gaining access to the class loader.

Affected Versions

All versions starting from 3.3.10 before 3.3.15, all versions starting from 4.0.0 before 4.1.1, all versions starting from 5.0.0 before 5.1.9, version 5.2.0

Solution

Upgrade to versions 3.3.15, 4.1.1, 5.1.9, 5.2.1 or above.

Last Modified

2022-07-29
