Ngrinder Security Vulnerabilities and Issues — Ngrinder CVE List

Lucene search

NaverNgrinder

7 matches found

CVE•added 2024/03/07 5:15 a.m.•48 views

CVE-2024-28211

nGrinder before 3.5.9 allows connection to malicious JMX/RMI server by default, which could be the cause of executing arbitrary code via RMI registry by remote attacker.

9.8CVSS7.3AI score0.03099EPSS

CVE•added 2024/03/07 5:15 a.m.•48 views

CVE-2024-28214

nGrinder before 3.5.9 allows to set delay without limitation, which could be the cause of Denial of Service by remote attacker.

2.7CVSS6.8AI score0.00479EPSS

CVE•added 2024/03/07 5:15 a.m.•48 views

CVE-2024-28216

nGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery.

5.4CVSS6.3AI score0.00267EPSS

CVE•added 2024/03/07 5:15 a.m.•46 views

CVE-2024-28213

nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization.

9.8CVSS8.1AI score0.07425EPSS

CVE•added 2024/03/07 5:15 a.m.•44 views

CVE-2024-28215

nGrinder before 3.5.9 allows an attacker to create or update webhook configuration due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery.

7.5CVSS6.4AI score0.00317EPSS

CVE•added 2024/03/07 5:15 a.m.•40 views

CVE-2024-28212

nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization.

9.8CVSS7.9AI score0.0742EPSS

CVE•added 2016/12/13 10:59 p.m.•35 views

CVE-2016-5060

Multiple cross-site scripting (XSS) vulnerabilities in nGrinder before 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) description, (2) email, or (3) username parameter to user/save.

6.1CVSS6AI score0.00506EPSS