
CVE-2018-17605 org.grails.plugins:asset-pipeline

Package

Manager: maven
Name: org.grails.plugins:asset-pipeline
Vulnerable Version: >=0 <3.0.4

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00451 (percentile: 0.62803)

Details

Asset Pipeline plugin for Grails vulnerable to Path Traversal

An issue was discovered in the Asset Pipeline plugin before 3.0.4 for Grails. An attacker can perform directory traversal via a crafted request when a servlet-based application is executed in Jetty, because there is a classloader vulnerability that can allow a reverse file traversal route in AssetPipelineFilter.groovy or AssetPipelineFilterCore.groovy.

Metadata

Created: 2022-05-14T01:44:59Z
Modified: 2022-11-22T19:24:42Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-g7wm-22m6-5774/GHSA-g7wm-22m6-5774.json
CWE IDs: ["CWE-22"]
Alternative ID: GHSA-g7wm-22m6-5774
Finding: F063
Auto approve: 1