GCVE - cpe:2.3:a:grails:grails:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:grails:grails:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Grails (`1ca4d4b3-af4d-5537-a6a8-2088041e434e`)
Product	Grails (`0bbad43a-1ed7-5335-be13-c27314527abc`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/grails/grails-core`	purl2cpe	2026-06-01 10:12:13.306600
`pkg:maven/org.grails/grails`	purl2cpe	2026-06-01 10:12:13.306603

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-46131`	vulnerable	2026-06-08 06:12:43.915052	Grails® data binding causes JVM crash and/or DoS MEDIUM (6.5) Grails is a framework used to build web applications with the Groovy programming language. A specially crafted web request can lead to a JVM crash or denial of service. Any Grails framework application using Grails data binding is vulnerable. This issue has been patched in version 3.3.17, 4.1.3, 5.3.4, 6.1.0. Published: 2023-12-20T23:24:27.227Z Updated: 2024-08-02T20:37:39.816Z Open on db.gcve.eu Reference links https://github.com/grails/grails-core/security/advisories/GHSA-3pjv-r7w4-2cf5 https://github.com/grails/grails-core/issues/13302 https://github.com/grails/grails-core/commit/74326bdd2cf7dcb594092165e9464520f8366c60 https://github.com/grails/grails-core/commit/c401faaa6c24c021c758b95f72304a0e855a8db3 https://grails.org/blog/2023-12-20-cve-data-binding-dos.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-35912`	vulnerable	2026-06-08 05:46:05.952556	Details available In grails-databinding in Grails before 3.3.15, 4.x before 4.1.1, 5.x before 5.1.9, and 5.2.x before 5.2.1 (at least when certain Java 8 configurations are used), data binding allows a remote attacker to execute code by gaining access to the class loader. Published: 2022-07-19T15:56:59.000Z Updated: 2024-08-03T09:44:22.117Z Open on db.gcve.eu Reference links https://github.com/grails/grails-core/security/advisories/GHSA-6rh6-x8ww-9h97 https://grails.org/blog/2022-07-18-rce-vulnerability.html https://github.com/grails/grails-core/issues/12626 http://www.openwall.com/lists/oss-security/2022/07/20/4	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-12728`	vulnerable	2026-06-08 05:12:40.322120	Details available HIGH (8.1) Grails before 3.3.10 used cleartext HTTP to resolve the SDKMan notification service. NOTE: users' apps were not resolving dependencies over cleartext HTTP. Published: 2019-06-04T12:41:49.000Z Updated: 2024-08-04T23:32:53.970Z Open on db.gcve.eu Reference links https://objectcomputing.com/news/2019/05/30/possible-grails-mitm-vulnerability https://github.com/grails/grails-core/issues/11250	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.