Vulnerability Details CVE-2022-35912
In grails-databinding in Grails before 3.3.15, 4.x before 4.1.1, 5.x before 5.1.9, and 5.2.x before 5.2.1 (at least when certain Java 8 configurations are used), data binding allows a remote attacker to execute code by gaining access to the class loader.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.052
EPSS Ranking 89.6%
CVSS Severity
CVSS v3 Score 9.8
References
- http://www.openwall.com/lists/oss-security/2022/07/20/4
- https://github.com/grails/grails-core/issues/12626
- https://github.com/grails/grails-core/security/advisories/GHSA-6rh6-x8ww-9h97
- https://grails.org/blog/2022-07-18-rce-vulnerability.html
- http://www.openwall.com/lists/oss-security/2022/07/20/4
- https://github.com/grails/grails-core/issues/12626
- https://github.com/grails/grails-core/security/advisories/GHSA-6rh6-x8ww-9h97
- https://grails.org/blog/2022-07-18-rce-vulnerability.html
Products affected by CVE-2022-35912
-
cpe:2.3:a:grails:grails:3.3.10
-
cpe:2.3:a:grails:grails:3.3.11
-
cpe:2.3:a:grails:grails:3.3.12
-
cpe:2.3:a:grails:grails:3.3.13
-
cpe:2.3:a:grails:grails:3.3.14
-
cpe:2.3:a:grails:grails:4.0.0
-
cpe:2.3:a:grails:grails:4.0.1
-
cpe:2.3:a:grails:grails:4.0.10
-
cpe:2.3:a:grails:grails:4.0.11
-
cpe:2.3:a:grails:grails:4.0.12
-
cpe:2.3:a:grails:grails:4.0.13
-
cpe:2.3:a:grails:grails:4.0.2
-
cpe:2.3:a:grails:grails:4.0.3
-
cpe:2.3:a:grails:grails:4.0.4
-
cpe:2.3:a:grails:grails:4.0.5
-
cpe:2.3:a:grails:grails:4.0.6
-
cpe:2.3:a:grails:grails:4.0.7
-
cpe:2.3:a:grails:grails:4.0.8
-
cpe:2.3:a:grails:grails:4.0.9
-
cpe:2.3:a:grails:grails:4.1.0
-
cpe:2.3:a:grails:grails:5.0.0
-
cpe:2.3:a:grails:grails:5.0.1
-
cpe:2.3:a:grails:grails:5.0.2
-
cpe:2.3:a:grails:grails:5.0.3
-
cpe:2.3:a:grails:grails:5.1.0
-
cpe:2.3:a:grails:grails:5.1.1
-
cpe:2.3:a:grails:grails:5.1.2
-
cpe:2.3:a:grails:grails:5.1.3
-
cpe:2.3:a:grails:grails:5.1.4
-
cpe:2.3:a:grails:grails:5.1.5
-
cpe:2.3:a:grails:grails:5.1.6
-
cpe:2.3:a:grails:grails:5.1.7
-
cpe:2.3:a:grails:grails:5.1.8
-
cpe:2.3:a:grails:grails:5.2.0