You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A vulnerability has been discovered in the Grails data-binding logic which allows for Remote Code Execution in a Grails application. This exploit requires the application to be running on Java 8, either deployed as a WAR to a servlet container, or an executable JAR.
Patches
Grails framework versions 5.2.1, 5.1.9, 4.1.1, and 3.3.15
Impact
A vulnerability has been discovered in the Grails data-binding logic which allows for Remote Code Execution in a Grails application. This exploit requires the application to be running on Java 8, either deployed as a WAR to a servlet container, or an executable JAR.
Patches
Grails framework versions 5.2.1, 5.1.9, 4.1.1, and 3.3.15
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35912
https://grails.org/blog/2022-07-18-rce-vulnerability.html
For more information
If you have any questions or comments about this advisory:
Credit
This vulnerability was discovered by meizjm3i and codeplutos of AntGroup FG Security Lab