4 matches found
io.github.gpc:cascade-validation (=4.0.0), io.github.gpc:grails-cascade-validation (=4.0.0) +19 more potentially affected by CVE-2022-35912 via org.grails:grails-databinding (>=4.0.10 <=4.1.0)
org.grails:grails-databinding (MAVEN)
Version: =4.0.10, =4.0.0-1, =4.0.10, =4.0.10, =4.0.10, =4.0.10, =4.0.10, =4.0.10, =4.0.10, =4.0.10, =4.0.10, =4.0.10, =4.0.10, =4.0.10, =4.1.0 and more
Source CVEs: CVE-2022-35912
Source advisory: OSV:GHSA-6RH6-X8WW-9H97...
Grails framework Remote Code Execution via Data Binding
Impact: A vulnerability has been discovered in the Grails data-binding logic which allows for Remote Code Execution in a Grails application. This exploit requires the application to be running on Java 8, either deployed as a WAR to a servlet container, or an executable JAR.
Patches: Grails framewor...
CVE-2022-35912
creationtimestamp | type | source
---|---|---
2022-07-19 20:40:58+00:00 | seen | https://t.me/cibsecurity/46568...
CVE-2022-35912
CVE-2022-35912 is a Grails data-binding remote code execution vulnerability. In grails-databinding, versions prior to 3.3.15, 4.x prior to 4.1.1, 5.x prior to 5.1.9, and 5.2.x prior to 5.2.1 can allow a remote attacker to execute code by gaining access to the class loader when certain Java 8 conf...