Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
groovy vulnerabilities and exploits
(subscribe to this query)
9
CVSSv2
CVE-2020-28884
Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An administrator user can inject Groovy script to execute any OS command on the Liferay Portal Sever. NOTE: The developer disputes this as a vulnerability since it is a feature for administr...
Liferay Liferay Portal 7.2
Liferay Liferay Portal 7.3.5
7.5
CVSSv2
CVE-2020-13420
OpenIAM prior to 4.2.0.3 allows remote malicious users to execute arbitrary code via Groovy Script.
Openiam Openiam
NA
CVE-2022-43402
A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Pipeline: Groovy Plugin 2802.v5ea_628154b_c2 and previous versions allows attackers with permission to define and run sandboxed scripts, including Pipelines, to b...
Jenkins Pipeline\\ Groovy
4
CVSSv2
CVE-2017-1000505
In Jenkins Script Security Plugin version 1.36 and previous versions, users with the ability to configure sandboxed Groovy scripts are able to use a type coercion feature in Groovy to create new `File` objects from strings. This allowed reading arbitrary files on the Jenkins mast...
Jenkins Script Security
6.5
CVSSv2
CVE-2019-1003030
A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and previous versions in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on the Jenkins mas...
Jenkins Pipeline\\ Groovy
Redhat Openshift Container Platform 3.11
1 Github repository
NA
CVE-2023-50572
An issue in the component GroovyEngine.execute of jline-groovy v3.24.1 allows malicious users to cause an OOM (OutofMemory) error.
Jline Jline 3.24.1
1 Github repository
7.5
CVSSv2
CVE-2016-3102
The Script Security plugin prior to 1.18.1 in Jenkins might allow remote malicious users to bypass a Groovy sandbox protection mechanism via a plugin that performs (1) direct field access or (2) get/set array operations.
Jenkins Script Security 1.10
Jenkins Script Security 1.9
Jenkins Script Security 1.8
Jenkins Script Security 1.7
Jenkins Script Security 1.13
Jenkins Script Security 1.11
Jenkins Script Security 1.6
Jenkins Script Security 1.4
Jenkins Script Security 1.18
Jenkins Script Security 1.17
Jenkins Script Security 1.16
Jenkins Script Security 1.15
Jenkins Script Security 1.2
Jenkins Script Security 1.1
Jenkins Script Security 1.0
Jenkins Script Security 1.14
Jenkins Script Security 1.12
Jenkins Script Security 1.5
Jenkins Script Security 1.3
9.3
CVSSv2
CVE-2019-12180
An issue exists in SmartBear ReadyAPI up to and including 2.8.2 and 3.0.0 and SoapUI up to and including 5.5. When opening a project, the Groovy "Load Script" is automatically executed. This allows an malicious user to execute arbitrary Groovy Language code (Java script...
Smartbear Readyapi
Smartbear Soapui
1 Github repository
6.5
CVSSv2
CVE-2021-32834
Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control (ABAC). In Keti a user able to create Policy Sets can run arbitrary code by sending malicious Groovy scripts which will escape the configured Groovy sandbox. This vulnerabilit...
Eclipse Keti -
NA
CVE-2022-31860
An issue exists in OpenRemote up to and including 1.0.4 allows malicious users to execute arbitrary code via a crafted Groovy rule.
Openremote Openremote
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »