GHSA-6RH6-X8WW-9H97 Grails framework Remote Code Execution via Data Binding

Impact A vulnerability has been discovered in the Grails data-binding logic which allows for Remote Code Execution in a Grails application. This exploit requires the application to be running on Java 8, either deployed as a WAR to a servlet container, or an executable JAR. Patches Grails framewor...

CVE-2022-35912

In grails-databinding in Grails before 3.3.15, 4.x before 4.1.1, 5.x before 5.1.9, and 5.2.x before 5.2.1 at least when certain Java 8 configurations are used, data binding allows a remote attacker to execute code by gaining access to the class loader...

Code injection

In grails-databinding in Grails before 3.3.15, 4.x before 4.1.1, 5.x before 5.1.9, and 5.2.x before 5.2.1 at least when certain Java 8 configurations are used, data binding allows a remote attacker to execute code by gaining access to the class loader...

CVE-2022-35912

In grails-databinding in Grails before 3.3.15, 4.x before 4.1.1, 5.x before 5.1.9, and 5.2.x before 5.2.1 at least when certain Java 8 configurations are used, data binding allows a remote attacker to execute code by gaining access to the class loader...

Grails 代码注入漏洞

Grails is the Grails project is based on the Groovy programming language and a set of rapid development of Web applications for the open source framework . A security vulnerability in Grails-databinding versions prior to 3.3.15, 4.x versions prior to 4.1.1, 5.x versions prior to 5.1.9, and 5.2.x...

[SECURITY] Fedora 35 Update: golang-github-burntsushi-xgb-0-0.15.20210108git5f9e7b3.fc35

XGB is the X Go Binding, which is a low-level API to communicate with the core X protocol and many of the X extensions. It is closely modeled after XCB and xpyb...

Samsung TelephonyUI Access Control Error Vulnerability (CNVD-2022-70745)

An access control error vulnerability exists in Samsung TelephonyUI, a Telephony service for Samsung mobile devices in South Korea that provides support for the Telephony Application Programming Interface TAPI. The vulnerability stems from a lack of proper permission checking in TelephonyUI, whic...

SAMSUNG Mobile devices TelephonyUI 安全漏洞

An access control error vulnerability exists in Samsung TelephonyUI, a Telephony service for Samsung mobile devices in South Korea that provides support for the Telephony Application Programming Interface TAPI. The vulnerability stems from a lack of proper permission checking in TelephonyUI, whic...

springframework: DoS via data binding to multipartFile or servlet part

A flaw was found in Spring Framework. Applications that handle file uploads are vulnerable to a denial of service DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object...

Moderate: Red Hat Security Advisory: Service Binding Operator security update

An update for service-binding-operator-bundle-container and service-binding-operator-container is now available for OpenShift Developer Tools and Services for OCP 4.7 + Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CV...

[SECURITY] Fedora 36 Update: golang-github-burntsushi-xgb-0-0.15.20210108git5f9e7b3.fc36

XGB is the X Go Binding, which is a low-level API to communicate with the core X protocol and many of the X extensions. It is closely modeled after XCB and xpyb...

Ember.js Potential XSS Exploit When Binding `tagName` to User-Supplied Data

In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, the tagName property of an Ember.View was inserted into such a string without being sanitized. This means that if an application assigns a view's tagName to...

MGASA-2022-0245 Updated python-bottle packages fix security vulnerability

Bottle before 0.12.20 mishandles errors during early request binding. CVE-2022-31799...

GHSA-W24X-87MR-4R23 SpEL Injection in Spring Data MongoDB

A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized...

Malicious code in wallet-nodejs-binding (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 19008a50d899f9a3a78116d541b53e03f18a52847e6345eec6823b6adcc6a564 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-7038 Malicious code in wallet-nodejs-binding (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 19008a50d899f9a3a78116d541b53e03f18a52847e6345eec6823b6adcc6a564 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-1814 Malicious code in calling-component-bindings (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d34742e24d97901f4bbbaee9d2c3f3166f3b4f29cd95880e1a0594078f45301a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Security Bulletin: Vulnerability in Spring Framework affects IBM Watson Explorer (CVE-2022-22971, CVE-2022-22968, CVE-2022-22970)

Summary Spring Framework is used by IBM Watson Explorer Foundational and Analytical Components. IBM Watson Explorer has addressed the applicable CVE CVE-2022-22971, CVE-2022-22968, CVE-2022-22970. Vulnerability Details CVEID: CVE-2022-22971 DESCRIPTION: Vmware Tanzu Spring Framework is vulnerable...

OESA-2022-1712 python-bottle security update

Bottle is a fast, simple and lightweight WSGI micro web-framework for Python. It is distributed as a single file module and has no dependencies other than the Python Standard Library. Security Fixes: Bottle before 0.12.20 mishandles errors during early request binding.CVE-2022-31799...

npm libpq 后置链接漏洞

npm libpq is a node-native binding to the PostgreSQL libpq C client library from npm USA. A backlink vulnerability exists in versions of libpq prior to 1.7.1, which stems from the fact that Read calls to g GitArtifactReader.readFromRepository do not check for files containing trigger resource...