I was able to build these based on the previous Spring Framework detections I had at bigfix.me. Please give these a try (on TEST systems) and let me know how they work out for you. I only have limited test cases, but on my Win10 and CentOS systems I’m detecting the grails-databinding-X.jar files on the filesystem and embedded in WAR archives.
Scan for Linux: https://bigfix.me/cdb/fixlet/26942
Scan for Windows: https://bigfix.me/cdb/fixlet/26943
Analysis for Results:
These report all the grails-databinding JAR files that are found - the lesson I learned from Log4j is to not assume today’s version is still going to be a “good” version tomorrow, so I just report all the versions found for now.
As of today, the versions per https://github.com/grails/grails-core/security/advisories/GHSA-6rh6-x8ww-9h97 are
3.x, <=4.1.0, <=5.1.9, <=5.2.1
5.2.1, 5.1.9, 4.1.1, 3.3.15
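
The scan described in the post above, as an added Python example (it is not the code of the linked fixlets): it walks a directory tree and reports every grails-databinding JAR version it finds, whether on disk or nested inside WAR/EAR/JAR/ZIP archives. The function names, the archive extension list and the nesting limit are assumptions of this example.

```python
import io
import os
import re
import sys
import zipfile
import zlib

# Matches grails-databinding-<version>.jar and captures the version string.
JAR_RE = re.compile(r"grails-databinding-(\d[\w.\-]*)\.jar$", re.IGNORECASE)
ARCHIVE_EXTS = (".war", ".jar", ".ear", ".zip")  # assumption: containers worth opening
MAX_DEPTH = 3  # assumption: limit on archive-in-archive nesting


def _scan_archive(fileobj, label, depth, hits):
    """Record matching entries inside one archive, recursing into nested ones."""
    try:
        with zipfile.ZipFile(fileobj) as zf:
            for name in zf.namelist():
                where = f"{label}!/{name}"
                m = JAR_RE.search(name)
                if m:
                    hits.append((m.group(1), where))
                elif name.lower().endswith(ARCHIVE_EXTS) and depth < MAX_DEPTH:
                    _scan_archive(io.BytesIO(zf.read(name)), where, depth + 1, hits)
    except (zipfile.BadZipFile, OSError, RuntimeError, zlib.error):
        pass  # unreadable, corrupt or encrypted archive: skip it, keep scanning


def scan(root):
    """Return sorted (version, location) pairs for every grails-databinding JAR."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            m = JAR_RE.search(fn)
            if m:
                hits.append((m.group(1), path))  # loose JAR on the filesystem
            elif fn.lower().endswith(ARCHIVE_EXTS):
                _scan_archive(path, path, 1, hits)
    return sorted(hits)


if __name__ == "__main__":
    for version, location in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{version}\t{location}")
```

Every version found is listed without filtering, so the output can be compared against whatever the advisory lists at the time of the scan.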