CVE-2022-35912, GHSA-6rh6-x8ww-9h97
maven/org.grails/grails-core
Remote Code Execution
In grails-databinding in Grails before 3.3.15, 4.x before 4.1.1, 5.x before 5.1.9, and 5.2.x before 5.2.1 (at least when certain Java 8 configurations are used), data binding allows a remote attacker to execute code by gaining access to the class loader.
All versions starting from 3.3.10 before 3.3.15, all versions starting from 4.0.0 before 4.1.1, all versions starting from 5.0.0 before 5.1.9, version 5.2.0
Upgrade to versions 3.3.15, 4.1.1, 5.1.9, 5.2.1 or above.
2022-07-29
source |