2 matches found
CVE-2018-1000817
Asset Pipeline Grails Plugin Asset-pipeline plugin version Prior to 2.14.1.1, 2.15.1 and 3.0.6 contains a Incorrect Access Control vulnerability in Applications deployed in Jetty that can result in Download .class files and any arbitrary file. This attack appear to be exploitable via Specially...
CVE-2018-1000817
The CVE affects the Asset Pipeline Grails Plugin. Vulnerable in versions prior to 2.14.1.1 (Grails 2.x), 2.15.1 (Grails 3/Java 7) and 3.0.6 (Grails 3/Java 8) where an Incorrect Access Control flaw enables directory traversal via a crafted GET request from the assets-pipeline context, allowing dow...