11 matches found
CVE-2018-1000817
Asset Pipeline Grails Plugin Asset-pipeline plugin version Prior to 2.14.1.1, 2.15.1 and 3.0.6 contains a Incorrect Access Control vulnerability in Applications deployed in Jetty that can result in Download .class files and any arbitrary file. This attack appear to be exploitable via Specially...
PT-2022-26153 · Grails · Grails Spring Security Core Plugin
Name of the Vulnerable Software and Affected Versions: Grails Spring Security Core plugin versions 1.x Grails Spring Security Core plugin versions 2.x Grails Spring Security Core plugin versions 3.0.0 through 3.3.1 Grails Spring Security Core plugin versions 4.0.0 through 4.0.4 Grails Spring...
io.github.gpc:cascade-validation (=4.0.0), io.github.gpc:grails-cascade-validation (=4.0.0) +19 more potentially affected by CVE-2022-35912 via org.grails:grails-databinding (>=4.0.10 <=4.1.0)
org.grails:grails-databinding MAVEN version =4.0.10, =4.0.0-1, =4.0.10, =4.0.10, =4.0.10, =4.0.10, =4.0.10, =4.0.10, =4.0.10, =4.0.10, =4.0.10, =4.0.10, =4.0.10, =4.0.10, =4.1.0 and more Source cves: CVE-2022-35912 Source advisory: OSV:GHSA-6RH6-X8WW-9H97...
GHSA-W73Q-MC9G-J56X Asset Pipeline Grails Plugin vulnerable to Path Traversal
Asset Pipeline Grails Plugin Asset-pipeline plugin version Prior to 2.14.1.1, 2.15.1 and 3.0.6 contains a Incorrect Access Control vulnerability in Applications deployed in Jetty that can result in Download .class files and any arbitrary file. This attack appear to be exploitable via Specially...
Asset Pipeline Grails Plugin vulnerable to Path Traversal
Asset Pipeline Grails Plugin Asset-pipeline plugin version Prior to 2.14.1.1, 2.15.1 and 3.0.6 contains a Incorrect Access Control vulnerability in Applications deployed in Jetty that can result in Download .class files and any arbitrary file. This attack appear to be exploitable via Specially...
Directory traversal
Asset Pipeline Grails Plugin Asset-pipeline plugin version Prior to 2.14.1.1, 2.15.1 and 3.0.6 contains a Incorrect Access Control vulnerability in Applications deployed in Jetty that can result in Download .class files and any arbitrary file. This attack appear to be exploitable via Specially...
CVE-2018-1000817
Asset Pipeline Grails Plugin Asset-pipeline plugin version Prior to 2.14.1.1, 2.15.1 and 3.0.6 contains a Incorrect Access Control vulnerability in Applications deployed in Jetty that can result in Download .class files and any arbitrary file. This attack appear to be exploitable via Specially...
CVE-2018-1000817
The CVE affects the Asset Pipeline Grails Plugin. Vulnerable in versions prior to 2.14.1.1 (Grails 2.x), 2.15.1 (Grails 3/Java 7) and 3.0.6 (Grails 3/Java 8) where an Incorrect Access Control flaw enables directory traversal via a crafted GET request from the assets-pipeline context, allowing dow...
CVE-2018-1000817
Asset Pipeline Grails Plugin Asset-pipeline plugin version Prior to 2.14.1.1, 2.15.1 and 3.0.6 contains a Incorrect Access Control vulnerability in Applications deployed in Jetty that can result in Download .class files and any arbitrary file. This attack appear to be exploitable via Specially...
Grails PDF Plugin XML External Entity Information Disclosure Vulnerability
Grails PDF Plugin XML External Entity Information Disclosure vulnerability. An attacker can exploit the vulnerability to obtain sensitive information, which could lead to further attacks...
CVE-2017-6344
XML External Entity XXE vulnerability in Grails PDF Plugin 0.6 allows remote attackers to read arbitrary files via a crafted XML document...