Pipeline: Groovy Security Vulnerabilities

cvelist

CVE-2013-2760

Buffer overflow in Groovy Media Player 3.2.0 allows remote attackers to execute arbitrary code via a long string in a .m3u...

7.7AI Score

0.086EPSS

2022-10-03 04:15 PM
cve

CVE-2013-2760

Buffer overflow in Groovy Media Player 3.2.0 allows remote attackers to execute arbitrary code via a long string in a .m3u...

7.8AI Score

0.086EPSS

2022-10-03 04:15 PM
cve

CVE-2013-6366

The Groovy script console in VMware Hyperic HQ 4.6.6 allows remote authenticated administrators to execute arbitrary code via a Runtime.getRuntime().exec...

7.5AI Score

0.006EPSS

2022-10-03 04:14 PM
cvelist

CVE-2013-6366

The Groovy script console in VMware Hyperic HQ 4.6.6 allows remote authenticated administrators to execute arbitrary code via a Runtime.getRuntime().exec...

7.3AI Score

0.006EPSS

2022-10-03 04:14 PM
veracode

Privilege Escalation

pinot-controller is vulnerable to privilege escalation. The vulnerability exists because the isDisableIngestionGroovy function of ControllerConf.java does not properly disable groovy functionality by default allowing an attacker to modify table-level config or broker/controller config to turn it...

9.8CVSS

8.9AI Score

0.002EPSS

2022-09-27 04:25 AM
github

Apache Pinot has Groovy Function support enabled by default

Pinot allows you to run any function using Apache Groovy scripts. In versions prior to 0.10.0, Pinot query endpoint and realtime ingestion layer has a vulnerability in unprotected environments due to groovy function support being enabled by default. This issue has been fixed by making function...

9.8CVSS

2.4AI Score

0.002EPSS

2022-09-25 12:00 AM
osv

Apache Pinot has Groovy Function support enabled by default

Pinot allows you to run any function using Apache Groovy scripts. In versions prior to 0.10.0, Pinot query endpoint and realtime ingestion layer has a vulnerability in unprotected environments due to groovy function support being enabled by default. This issue has been fixed by making function...

9.8CVSS

2.4AI Score

0.002EPSS

2022-09-25 12:00 AM
nvd

CVE-2022-26112

In 0.10.0 or older versions of Apache Pinot, Pinot query endpoint and realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support. In order to avoid this, we disabled the groovy function support by default from Pinot release 0.11.0. See...

9.8CVSS

0.002EPSS

2022-09-23 08:15 AM
osv

CVE-2022-26112

In 0.10.0 or older versions of Apache Pinot, Pinot query endpoint and realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support. In order to avoid this, we disabled the groovy function support by default from Pinot release 0.11.0. See...

9.8CVSS

9.4AI Score

0.002EPSS

2022-09-23 08:15 AM
cve

CVE-2022-26112

In 0.10.0 or older versions of Apache Pinot, Pinot query endpoint and realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support. In order to avoid this, we disabled the groovy function support by default from Pinot release 0.11.0. See...

9.8CVSS

9.3AI Score

0.002EPSS

2022-09-23 08:15 AM
prion

Information disclosure

In 0.10.0 or older versions of Apache Pinot, Pinot query endpoint and realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support. In order to avoid this, we disabled the groovy function support by default from Pinot release 0.11.0. See...

9.8CVSS

9.3AI Score

0.002EPSS

2022-09-23 08:15 AM
cvelist

CVE-2022-26112 Pinot query endpoint and the realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support

In 0.10.0 or older versions of Apache Pinot, Pinot query endpoint and realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support. In order to avoid this, we disabled the groovy function support by default from Pinot release 0.11.0. See...

9.6AI Score

0.002EPSS

2022-09-23 08:05 AM
osv

XWiki Platform Mentions UI vulnerable to Cross-site Scripting

Impact It's possible to store Javascript or groovy scripts in an mention macro anchor or reference field. The stored code is executed by anyone visiting the page with the mention. For example, the example below will create a file at /tmp/exploit.txt: {{mention reference="XWiki.Translation"...

9CVSS

9.1AI Score

0.004EPSS

2022-09-16 05:36 PM
github

XWiki Platform Mentions UI vulnerable to Cross-site Scripting

Impact It's possible to store Javascript or groovy scripts in an mention macro anchor or reference field. The stored code is executed by anyone visiting the page with the mention. For example, the example below will create a file at /tmp/exploit.txt: {{mention reference="XWiki.Translation"...

9CVSS

8.7AI Score

0.004EPSS

2022-09-16 05:36 PM
github

XWiki Platform Wiki UI Main Wiki Eval Injection vulnerability

Impact It's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the request (URL parameter) using the XWikiServerClassSheet if the user has view access to this sheet and another page that has been saved with programming rights, a standard condition on a....

9.9CVSS

8.8AI Score

0.007EPSS

2022-09-16 05:22 PM
osv

XWiki Platform Wiki UI Main Wiki Eval Injection vulnerability

Impact It's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the request (URL parameter) using the XWikiServerClassSheet if the user has view access to this sheet and another page that has been saved with programming rights, a standard condition on a....

9.9CVSS

0.1AI Score

0.007EPSS

2022-09-16 05:22 PM
osv

XWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval Injection

Impact The tags document Main.Tags in XWiki didn't sanitize user inputs properly, allowing users with view rights on the document (default in a public wiki or for authenticated users on private wikis) to execute arbitrary Groovy, Python and Velocity code with programming rights. This allows...

9.9CVSS

0.6AI Score

0.005EPSS

2022-09-16 05:21 PM
github

XWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval Injection

Impact The tags document Main.Tags in XWiki didn't sanitize user inputs properly, allowing users with view rights on the document (default in a public wiki or for authenticated users on private wikis) to execute arbitrary Groovy, Python and Velocity code with programming rights. This allows...

9.9CVSS

8.8AI Score

0.004EPSS

2022-09-16 05:21 PM
openvas

9.9CVSS

9AI Score

0.004EPSS

2022-09-16 12:00 AM
openvas

XWiki 12.5 < 13.10.6, 14.0 < 14.4 XSS Vulnerability (GHSA-c5v8-2q4r-5w9v)

Xwiki is prone to a cross-site scripting (XSS) ...

9CVSS

8.8AI Score

0.004EPSS

2022-09-16 12:00 AM
openvas

9.9CVSS

9AI Score

0.007EPSS

2022-09-16 12:00 AM
github

CrafterCMS OS Command Injection vulnerability

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox...

7.2CVSS

7.2AI Score

0.001EPSS

2022-09-14 12:00 AM
osv

CrafterCMS OS Command Injection vulnerability

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox...

7.2CVSS

5.4AI Score

0.001EPSS

2022-09-14 12:00 AM
osv

CVE-2022-40635

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox...

7.2CVSS

7.2AI Score

0.001EPSS

2022-09-13 07:15 PM
cve

CVE-2022-40635

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox...

7.2CVSS

7.1AI Score

0.001EPSS

2022-09-13 07:15 PM
nvd

CVE-2022-40635

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox...

7.2CVSS

0.001EPSS

2022-09-13 07:15 PM
prion

Design/Logic Flaw

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox...

7.2CVSS

7.1AI Score

0.001EPSS

2022-09-13 07:15 PM
cvelist

CVE-2022-40635 Improper Control of Dynamically-Managed Code Resources in Crafter Studio

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox...

6.4CVSS

7.4AI Score

0.001EPSS

2022-09-13 12:00 AM
nvd

CVE-2022-36100

XWiki Platform Applications Tag and XWiki Platform Tag UI are tag applications for XWiki, a generic wiki platform. Starting with version 1.7 in XWiki Platform Applications Tag and prior to 13.10.6 and 14.4 in XWiki Platform Tag UI, the tags document Main.Tags in XWiki didn't sanitize user inputs...

8.8CVSS

0.004EPSS

2022-09-08 09:15 PM
osv

CVE-2022-36100

XWiki Platform Applications Tag and XWiki Platform Tag UI are tag applications for XWiki, a generic wiki platform. Starting with version 1.7 in XWiki Platform Applications Tag and prior to 13.10.6 and 14.4 in XWiki Platform Tag UI, the tags document Main.Tags in XWiki didn't sanitize user inputs...

9.9CVSS

7.6AI Score

0.005EPSS

2022-09-08 09:15 PM
osv

CVE-2022-36098

XWiki Platform Mentions UI is a user interface for mentioning users in wiki content for XWiki Platform, a generic wiki platform. Starting in version 12.5-rc-1 and prior to versions 13.10.6 and 14.4, it's possible to store Javascript or groovy scripts in a mention, macro anchor, or reference field.....

9CVSS

6.8AI Score

0.004EPSS

2022-09-08 09:15 PM
nvd

CVE-2022-36098

XWiki Platform Mentions UI is a user interface for mentioning users in wiki content for XWiki Platform, a generic wiki platform. Starting in version 12.5-rc-1 and prior to versions 13.10.6 and 14.4, it's possible to store Javascript or groovy scripts in a mention, macro anchor, or reference field.....

9CVSS

0.004EPSS

2022-09-08 09:15 PM
cve

CVE-2022-36100

XWiki Platform Applications Tag and XWiki Platform Tag UI are tag applications for XWiki, a generic wiki platform. Starting with version 1.7 in XWiki Platform Applications Tag and prior to 13.10.6 and 14.4 in XWiki Platform Tag UI, the tags document Main.Tags in XWiki didn't sanitize user inputs...

9.9CVSS

8.1AI Score

0.004EPSS

2022-09-08 09:15 PM
cve

CVE-2022-36098

XWiki Platform Mentions UI is a user interface for mentioning users in wiki content for XWiki Platform, a generic wiki platform. Starting in version 12.5-rc-1 and prior to versions 13.10.6 and 14.4, it's possible to store Javascript or groovy scripts in a mention, macro anchor, or reference field.....

9CVSS

9AI Score

0.004EPSS

2022-09-08 09:15 PM
nvd

CVE-2022-36099

XWiki Platform Wiki UI Main Wiki is software for managing subwikis on XWiki Platform, a generic wiki platform. Starting with version 5.3-milestone-2 and prior to versions 13.10.6 and 14.4, it's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the...

8.8CVSS

0.007EPSS

2022-09-08 09:15 PM
osv

CVE-2022-36099

XWiki Platform Wiki UI Main Wiki is software for managing subwikis on XWiki Platform, a generic wiki platform. Starting with version 5.3-milestone-2 and prior to versions 13.10.6 and 14.4, it's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the...

9.9CVSS

7.2AI Score

0.007EPSS

2022-09-08 09:15 PM
cve

CVE-2022-36099

XWiki Platform Wiki UI Main Wiki is software for managing subwikis on XWiki Platform, a generic wiki platform. Starting with version 5.3-milestone-2 and prior to versions 13.10.6 and 14.4, it's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the...

9.9CVSS

8.8AI Score

0.007EPSS

2022-09-08 09:15 PM
prion

Code injection

XWiki Platform Mentions UI is a user interface for mentioning users in wiki content for XWiki Platform, a generic wiki platform. Starting in version 12.5-rc-1 and prior to versions 13.10.6 and 14.4, it's possible to store Javascript or groovy scripts in a mention, macro anchor, or reference field.....

9CVSS

9AI Score

0.004EPSS

2022-09-08 09:15 PM
prion

Design/Logic Flaw

XWiki Platform Applications Tag and XWiki Platform Tag UI are tag applications for XWiki, a generic wiki platform. Starting with version 1.7 in XWiki Platform Applications Tag and prior to 13.10.6 and 14.4 in XWiki Platform Tag UI, the tags document Main.Tags in XWiki didn't sanitize user inputs...

8.8CVSS

8.1AI Score

0.004EPSS

2022-09-08 09:15 PM
prion

Design/Logic Flaw

XWiki Platform Wiki UI Main Wiki is software for managing subwikis on XWiki Platform, a generic wiki platform. Starting with version 5.3-milestone-2 and prior to versions 13.10.6 and 14.4, it's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the...

8.8CVSS

8.8AI Score

0.007EPSS

2022-09-08 09:15 PM
cvelist

CVE-2022-36100 XWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval Injection

XWiki Platform Applications Tag and XWiki Platform Tag UI are tag applications for XWiki, a generic wiki platform. Starting with version 1.7 in XWiki Platform Applications Tag and prior to 13.10.6 and 14.4 in XWiki Platform Tag UI, the tags document Main.Tags in XWiki didn't sanitize user inputs...

9.9CVSS

8.9AI Score

0.004EPSS

2022-09-08 09:10 PM
cvelist

CVE-2022-36098 XWiki Platform Mentions UI vulnerable to Cross-site Scripting

XWiki Platform Mentions UI is a user interface for mentioning users in wiki content for XWiki Platform, a generic wiki platform. Starting in version 12.5-rc-1 and prior to versions 13.10.6 and 14.4, it's possible to store Javascript or groovy scripts in a mention, macro anchor, or reference field.....

8.9CVSS

9.3AI Score

0.004EPSS

2022-09-08 08:50 PM
cvelist

CVE-2022-36099 XWiki Platform Wiki UI Main Wiki Eval Injection vulnerability

XWiki Platform Wiki UI Main Wiki is software for managing subwikis on XWiki Platform, a generic wiki platform. Starting with version 5.3-milestone-2 and prior to versions 13.10.6 and 14.4, it's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the...

9.9CVSS

9.8AI Score

0.007EPSS

2022-09-08 08:45 PM
nessus

RHEL 8 : OpenShift Container Platform 4.7.52 packages (RHSA-2022:4909)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:4909 advisory. credentials: Stored XSS vulnerabilities in jenkins plugin (CVE-2022-29036) subversion: Stored XSS vulnerabilities in Jenkins subversion...

5.4CVSS

6AI Score

0.001EPSS

2022-09-08 12:00 AM
cve

CVE-2022-31860

An issue was discovered in OpenRemote through 1.0.4 allows attackers to execute arbitrary code via a crafted Groovy...

9.8CVSS

9.5AI Score

0.004EPSS

2022-09-06 06:15 PM
osv

CVE-2022-31860

An issue was discovered in OpenRemote through 1.0.4 allows attackers to execute arbitrary code via a crafted Groovy...

9.8CVSS

7.7AI Score

0.004EPSS

2022-09-06 06:15 PM
nvd

CVE-2022-31860

An issue was discovered in OpenRemote through 1.0.4 allows attackers to execute arbitrary code via a crafted Groovy...

9.8CVSS

0.004EPSS

2022-09-06 06:15 PM
prion

Code injection

An issue was discovered in OpenRemote through 1.0.4 allows attackers to execute arbitrary code via a crafted Groovy...

9.8CVSS

9.5AI Score

0.004EPSS

2022-09-06 06:15 PM
cvelist

CVE-2022-31860

An issue was discovered in OpenRemote through 1.0.4 allows attackers to execute arbitrary code via a crafted Groovy...

9.8AI Score

0.004EPSS

2022-09-06 05:50 PM
redhatcve

CVE-2022-30945

A flaw was found in Jenkins Groovy Plugin. The plugin allows pipelines to load Groovy source files. The intent is to allow Global Shared Libraries to execute without sandbox protection. The issue is that the plugin allows any Groovy source files bundled with Jenkins core and plugins to be loaded...

8.5CVSS

1.2AI Score

0.001EPSS

2022-08-19 04:38 AM
Total number of security vulnerabilities: 1430