Critical security vulnerability in Grails could lead to remote code execution

guest · Jul 30, 2022

Maintainers warn to patch all versions of open source web app framework – even those not deemed vulnerable
July 26, 2022 (Updated: July 27, 2022)

Researchers from AntGroup FG Security Lab have discovered a critical security vulnerability allowing an attacker to remotely execute code within a Grails application runtime.

Grails is an open source web application framework based on the Apache Groovy programming language and is used for developing agile web applications. Customers include Google, IBM, Walmart, Credit Suisse, and Mastercard.
Click to expand...

The flaw, tracked using CVE-2022-35912, allows an attacker to remotely execute code within a Grails application runtime by issuing a specially crafted web request that grants the attacker access to the class loader.

The attack exploits a section of the Grails data-binding logic, which is invoked in a number of ways including the creation of command objects, domain class construction, and manual data binding when using bindData.
The vulnerability has been confirmed on Grails framework versions 3.3.10 and higher, including Grails framework 4 and 5, that are running on Java 8. It has been observed in both the embedded Tomcat runtime and applications deployed as a Web Archive (WAR) to a Tomcat instance.
Click to expand...

Patches available
Versions 5.2.1, 5.1.9, 4.1.1, and 3.3.15 have now been patched, and the team recommends upgrading to a patched version. Grails 4.x applications can be upgraded to version 4.1.1 or higher, Grails 5.0.x and 5.1.x applications can be upgraded to 5.1.9 or higher, and Grails 5.2 applications can be upgraded to 5.2.1 or higher.

“The Grails Foundation and the Grails core development team take application security very seriously,” wrote the team. “We are continuing to research and monitor this vulnerability.”
Click to expand...

Grails: Grails Framework Remote Code Execution Vulnerability

guest · Jul 30, 2022

CIS - Center for Internet Security
A Vulnerability in the Grails Framework Could Allow for Remote Code Execution (CVE-2022-35912)
MS-ISAC ADVISORY NUMBER: 2022-096
July 30, 2022

OVERVIEW:
A vulnerability have been discovered in the Grails Framework which could allow for remote code execution. Grails is backend Apache Groovy framework. Successful exploitation of this vulnerability, could allow a user to execute code in the context of the Grails application.
Click to expand...

TECHNICAL SUMMARY:
A vulnerability have been discovered in the Grails Framework (CVE-2022-35912) which could allow for remote code execution. Details of this vulnerability are as follows:

Tactic: Execution (TA00041):
Technique: Native Code (T1575):

CVE-2022-35912 – A vulnerability in a section of the Grails data-binding logic which enables an attack to issue a specially crafted web request to execute code of their own choosing.

Click to expand...

Log in or Sign up

Critical security vulnerability in Grails could lead to remote code execution

guest Guest

guest Guest

Log in or Sign up

Critical security vulnerability in Grails could lead to remote code execution

guest Guest

guest Guest

Useful Searches