CVE-2022-35912

Name of the Vulnerable Software and Affected Versions Grails versions prior to 3.3.15 Grails versions 4.x prior to 4.1.1 Grails versions 5.x prior to 5.1.9 Grails versions 5.2.x prior to 5.2.1

Description A vulnerability has been discovered in the Grails data-binding logic which allows for Remote Code Execution in a Grails application. This exploit requires the application to be running on Java 8, either deployed as a WAR to a servlet container, or an executable JAR. A remote attacker can execute code by gaining access to the class loader.

Recommendations For Grails versions prior to 3.3.15, update to version 3.3.15 or later. For Grails versions 4.x prior to 4.1.1, update to version 4.1.1 or later. For Grails versions 5.x prior to 5.1.9, update to version 5.1.9 or later. For Grails versions 5.2.x prior to 5.2.1, update to version 5.2.1 or later.