Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-35912

In grails-databinding in Grails before 3.3.15, 4.x before 4.1.1, 5.x before 5.1.9, and 5.2.x before 5.2.1 (at least when certain Java 8 configurations are used), data binding allows a remote attacker to execute code by gaining access to the class loader.

CVE
Open in Source
#vulnerability#java#rce#maven

Package

maven grails-databinding (Maven)

Affected versions

3.x, <=4.1.0, <=5.1.9, <=5.2.1

Patched versions

5.2.1, 5.1.9, 4.1.1, 3.3.15

Description

Impact

A vulnerability has been discovered in the Grails data-binding logic which allows for Remote Code Execution in a Grails application. This exploit requires the application to be running on Java 8, either deployed as a WAR to a servlet container, or an executable JAR.

Patches

Grails framework versions 5.2.1, 5.1.9, 4.1.1, and 3.3.15

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35912
https://grails.org/blog/2022-07-18-rce-vulnerability.html

For more information

If you have any questions or comments about this advisory:

  • https://grails.org/blog/2022-07-18-rce-vulnerability.html
  • #12626
  • Email us at [email protected]

Credit

This vulnerability was discovered by meizjm3i and codeplutos of AntGroup FG Security Lab

Related news

Critical security vulnerability in Grails could lead to remote code execution

Maintainers warn to patch all versions of open source web app framework – even those not deemed vulnerable

GHSA-6rh6-x8ww-9h97: Grails framework Remote Code Execution via Data Binding

### Impact A vulnerability has been discovered in the Grails data-binding logic which allows for Remote Code Execution in a Grails application. This exploit requires the application to be running on Java 8, either deployed as a WAR to a servlet container, or an executable JAR. ### Patches Grails framework versions 5.2.1, 5.1.9, 4.1.1, and 3.3.15 ### References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35912 https://grails.org/blog/2022-07-18-rce-vulnerability.html ### For more information If you have any questions or comments about this advisory: * https://grails.org/blog/2022-07-18-rce-vulnerability.html * https://github.com/grails/grails-core/issues/12626 * Email us at [[email protected]](mailto:[email protected]) ### Credit This vulnerability was discovered by [meizjm3i](https://github.com/meizjm3i) and [codeplutos](https://github.com/codeplutos) of AntGroup FG Security Lab

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE