Vulmon
groovy vulnerabilities and exploits
655
VMScore
CVE-2019-1003002
A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and previous versions in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read permission to provide a pi...
Jenkins Pipeline\\ Declarative
Redhat Openshift Container Platform 3.11
1 EDB exploit
1 Github repository
655
VMScore
CVE-2013-6366
The Groovy script console in VMware Hyperic HQ 4.6.6 allows remote authenticated administrators to execute arbitrary code via a Runtime.getRuntime().exec call.
Vmware Hyperic Hq 4.6.6
1 EDB exploit
605
VMScore
CVE-2022-30945
Jenkins Pipeline: Groovy Plugin 2689.v434009a_31b_f1 and previous versions allows loading any Groovy source files on the classpath of Jenkins and Jenkins plugins in sandboxed pipelines.
Jenkins Pipeline\\ Groovy
605
VMScore
CVE-2019-1003008
A cross-site request forgery vulnerability exists in Jenkins Warnings Next Generation Plugin 2.1.1 and previous versions in src/main/java/io/jenkins/plugins/analysis/warnings/groovy/GroovyParser.java that allows malicious users to execute arbitrary code via a form validation HTTP...
Jenkins Warnings Next Generation
605
VMScore
CVE-2016-6521
Cross-site request forgery (CSRF) vulnerability in Grails console (aka Grails Debug Console and Grails Web Console) 2.0.7, 1.5.10, and previous versions allows remote malicious users to hijack the authentication of users for requests that execute arbitrary Groovy code via unspeci...
Gopivotal Grails
Gopivotal Grails 2.0.6
605
VMScore
CVE-2009-4931
Stack-based buffer overflow in Groovy Media Player 1.1.0 allows remote malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .m3u playlist file.
Bestwebsharing Groovy Media Player 1.1.0
580
VMScore
CVE-2022-23616
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible for an unprivileged user to perform a remote code execution by injecting a groovy script in her own profile and by calling the Reset pa...
Xwiki Xwiki 3.1
Xwiki Xwiki
580
VMScore
CVE-2021-23259
Authenticated users with Administrator or Developer roles may execute OS commands by Groovy Script which uses Groovy lib to render a webpage. The Groovy script does not have security restrictions, which will cause malicious users to execute arbitrary commands remotely (RCE).
Craftercms Crafter Cms
580
VMScore
CVE-2020-2109
Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and previous versions can be circumvented through default parameter expressions in CPS-transformed methods.
Jenkins Pipeline\\ Groovy
580
VMScore
CVE-2019-1003029
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and previous versions in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java th...
Jenkins Script Security
Redhat Openshift Container Platform 3.11
5 Github repositories