Vulmon
grails grails vulnerabilities and exploits
9.8
CVSSv3
CVE-2022-41923
Grails Spring Security Core plugin is vulnerable to privilege escalation. The vulnerability allows an attacker access to one endpoint (i.e. the targeted endpoint) using the authorization requirements of a different endpoint (i.e. the donor endpoint). In some Grails framework appl...
Grails Spring Security Core
1 Github repository
9.8
CVSSv3
CVE-2022-35912
In grails-databinding in Grails prior to 3.3.15, 4.x prior to 4.1.1, 5.x prior to 5.1.9, and 5.2.x prior to 5.2.1 (at least when certain Java 8 configurations are used), data binding allows a remote malicious user to execute code by gaining access to the class loader.
Grails Grails
Grails Grails 5.2.0
8.8
CVSSv3
CVE-2016-6521
Cross-site request forgery (CSRF) vulnerability in Grails console (aka Grails Debug Console and Grails Web Console) 2.0.7, 1.5.10, and previous versions allows remote malicious users to hijack the authentication of users for requests that execute arbitrary Groovy code via unspeci...
Gopivotal Grails
Gopivotal Grails 2.0.6
8.1
CVSSv3
CVE-2019-12728
Grails prior to 3.3.10 used cleartext HTTP to resolve the SDKMan notification service. NOTE: users' apps were not resolving dependencies over cleartext HTTP.
Grails Grails
7.5
CVSSv3
CVE-2023-46131
Grails is a framework used to build web applications with the Groovy programming language. A specially crafted web request can lead to a JVM crash or denial of service. Any Grails framework application using Grails data binding is vulnerable. This issue has been patched in versio...
Grails Grails
7.5
CVSSv3
CVE-2018-1000817
Asset Pipeline Grails Plugin Asset-pipeline plugin version before 2.14.1.1, 2.15.1 and 3.0.6 contains an Incorrect Access Control vulnerability in applications deployed in Jetty that can result in the download of .class files and any arbitrary file. This attack appears to be exploitable v...
Asset Pipeline Project Asset-pipeline
7.5
CVSSv3
CVE-2018-17605
An issue exists in the Asset Pipeline plugin prior to 3.0.4 for Grails. An attacker can perform directory traversal via a crafted request when a servlet-based application is executed in Jetty, because there is a classloader vulnerability that can allow a reverse file traversal ro...
Asset Pipeline Project Asset-pipeline
7.5
CVSSv3
CVE-2014-3626
The Grails Resource Plugin often has to exchange URIs for resources with other internal components. Those other components will decode any URI passed to them. To protect against directory traversal the Grails Resource Plugin did the following: normalized the URI, checked the norm...
Grails Resources
6.1
CVSSv3
CVE-2018-1000529
Grails Fields plugin version 2.2.7 contains a Cross Site Scripting (XSS) vulnerability in the use of the display tag that can result in XSS. This vulnerability appears to have been fixed in 2.2.8.
Grails Grails Fields 2.2.7
1 Github repository
5.9
CVSSv3
CVE-2017-6344
XML External Entity (XXE) vulnerability in Grails PDF Plugin 0.6 allows remote malicious users to read arbitrary files via a crafted XML document.
Grails Pdf Plugin 0.6