Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 19/07/2022 Updated: 27/07/2022

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 0

In grails-databinding in Grails prior to 3.3.15, 4.x prior to 4.1.1, 5.x prior to 5.1.9, and 5.2.x prior to 5.2.1 (at least when certain Java 8 configurations are used), data binding allows a remote malicious user to execute code by gaining access to the class loader.

Vulnerable Product	Search on Vulmon	Subscribe to Product
grails grails
grails grails 5.2.0

In grails-databinding in Grails before 3315, 4x before 411, 5x before 519, and 52x before 521 (at least when certain Java 8 configurations are used), data binding allows a remote attacker to execute code by gaining access to the class loader ...

NVD-CWE-noinfo https://github.com/grails/grails-core/security/advisories/GHSA-6rh6-x8ww-9h97 https://github.com/grails/grails-core/issues/12626 https://grails.org/blog/2022-07-18-rce-vulnerability.html http://www.openwall.com/lists/oss-security/2022/07/20/4 https://nvd.nist.gov https://security.archlinux.org/CVE-2022-35912

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-35912

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect