Search criteria
7 vulnerabilities by grails
CVE-2023-46131 (GCVE-0-2023-46131)
Vulnerability from cvelistv5 – Published: 2023-12-20 23:24 – Updated: 2024-08-02 20:37
VLAI?
Title
Grails® data binding causes JVM crash and/or DoS
Summary
Grails is a framework used to build web applications with the Groovy programming language. A specially crafted web request can lead to a JVM crash or denial of service. Any Grails framework application using Grails data binding is vulnerable. This issue has been patched in version 3.3.17, 4.1.3, 5.3.4, 6.1.0.
Severity ?
6.5 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| grails | grails-core |
Affected:
>= 6.0.0, < 6.1.0
Affected: >= 5.0.0, < 5.3.4 Affected: >= 4.0.0, < 4.1.3 Affected: >= 2.0.0, < 3.3.17 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:37:39.816Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/grails/grails-core/security/advisories/GHSA-3pjv-r7w4-2cf5",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/grails/grails-core/security/advisories/GHSA-3pjv-r7w4-2cf5"
},
{
"name": "https://github.com/grails/grails-core/issues/13302",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/grails/grails-core/issues/13302"
},
{
"name": "https://github.com/grails/grails-core/commit/74326bdd2cf7dcb594092165e9464520f8366c60",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/grails/grails-core/commit/74326bdd2cf7dcb594092165e9464520f8366c60"
},
{
"name": "https://github.com/grails/grails-core/commit/c401faaa6c24c021c758b95f72304a0e855a8db3",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/grails/grails-core/commit/c401faaa6c24c021c758b95f72304a0e855a8db3"
},
{
"name": "https://grails.org/blog/2023-12-20-cve-data-binding-dos.html",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://grails.org/blog/2023-12-20-cve-data-binding-dos.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "grails-core",
"vendor": "grails",
"versions": [
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.1.0"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.3.4"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.1.3"
},
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 3.3.17"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Grails is a framework used to build web applications with the Groovy programming language. A specially crafted web request can lead to a JVM crash or denial of service. Any Grails framework application using Grails data binding is vulnerable. This issue has been patched in version 3.3.17, 4.1.3, 5.3.4, 6.1.0.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-20T23:24:27.227Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/grails/grails-core/security/advisories/GHSA-3pjv-r7w4-2cf5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/grails/grails-core/security/advisories/GHSA-3pjv-r7w4-2cf5"
},
{
"name": "https://github.com/grails/grails-core/issues/13302",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/grails/grails-core/issues/13302"
},
{
"name": "https://github.com/grails/grails-core/commit/74326bdd2cf7dcb594092165e9464520f8366c60",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/grails/grails-core/commit/74326bdd2cf7dcb594092165e9464520f8366c60"
},
{
"name": "https://github.com/grails/grails-core/commit/c401faaa6c24c021c758b95f72304a0e855a8db3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/grails/grails-core/commit/c401faaa6c24c021c758b95f72304a0e855a8db3"
},
{
"name": "https://grails.org/blog/2023-12-20-cve-data-binding-dos.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://grails.org/blog/2023-12-20-cve-data-binding-dos.html"
}
],
"source": {
"advisory": "GHSA-3pjv-r7w4-2cf5",
"discovery": "UNKNOWN"
},
"title": "Grails\u00ae data binding causes JVM crash and/or DoS "
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-46131",
"datePublished": "2023-12-20T23:24:27.227Z",
"dateReserved": "2023-10-16T17:51:35.573Z",
"dateUpdated": "2024-08-02T20:37:39.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-41923 (GCVE-0-2022-41923)
Vulnerability from cvelistv5 – Published: 2022-11-23 00:00 – Updated: 2025-04-23 16:35
VLAI?
Title
Grails Spring Security Core plugin vulnerable to privilege escalation
Summary
Grails Spring Security Core plugin is vulnerable to privilege escalation. The vulnerability allows an attacker access to one endpoint (i.e. the targeted endpoint) using the authorization requirements of a different endpoint (i.e. the donor endpoint). In some Grails framework applications, access to the targeted endpoint will be granted based on meeting the authorization requirements of the donor endpoint, which can result in a privilege escalation attack. This vulnerability has been patched in grails-spring-security-core versions 3.3.2, 4.0.5 and 5.1.1. Impacted Applications: Grails Spring Security Core plugin versions: 1.x 2.x >=3.0.0 <3.3.2 >=4.0.0 <4.0.5 >=5.0.0 <5.1.1 We strongly suggest that all Grails framework applications using the Grails Spring Security Core plugin be updated to a patched release of the plugin. Workarounds: Users should create a subclass extending one of the following classes from the `grails.plugin.springsecurity.web.access.intercept` package, depending on their security configuration: * `AnnotationFilterInvocationDefinition` * `InterceptUrlMapFilterInvocationDefinition` * `RequestmapFilterInvocationDefinition` In each case, the subclass should override the `calculateUri` method like so: ``` @Override protected String calculateUri(HttpServletRequest request) { UrlPathHelper.defaultInstance.getRequestUri(request) } ``` This should be considered a temporary measure, as the patched versions of grails-spring-security-core deprecates the `calculateUri` method. Once upgraded to a patched version of the plugin, this workaround is no longer needed. The workaround is especially important for version 2.x, as no patch is available version 2.x of the GSSC plugin.
Severity ?
9.1 (Critical)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| grails | grails-spring-security-core |
Affected:
>= 5.0.0, < 5.1.1
Affected: >= 4.0.0, < 4.0.5 Affected: >= 3.0.0, < 3.3.2 Affected: = 2.0.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:56:38.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/grails/grails-spring-security-core/security/advisories/GHSA-frqg-vvxg-jqqh"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/grails/GSSC-CVE-2022-41923"
},
{
"tags": [
"x_transferred"
],
"url": "https://grails.org/blog/2022-11-22-ss-plugin-auth-cve.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-41923",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:48:06.839661Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T16:35:37.187Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "grails-spring-security-core",
"vendor": "grails",
"versions": [
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.1.1"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.5"
},
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.3.2"
},
{
"status": "affected",
"version": "= 2.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Grails Spring Security Core plugin is vulnerable to privilege escalation. The vulnerability allows an attacker access to one endpoint (i.e. the targeted endpoint) using the authorization requirements of a different endpoint (i.e. the donor endpoint). In some Grails framework applications, access to the targeted endpoint will be granted based on meeting the authorization requirements of the donor endpoint, which can result in a privilege escalation attack. This vulnerability has been patched in grails-spring-security-core versions 3.3.2, 4.0.5 and 5.1.1. Impacted Applications: Grails Spring Security Core plugin versions: 1.x 2.x \u003e=3.0.0 \u003c3.3.2 \u003e=4.0.0 \u003c4.0.5 \u003e=5.0.0 \u003c5.1.1 We strongly suggest that all Grails framework applications using the Grails Spring Security Core plugin be updated to a patched release of the plugin. Workarounds: Users should create a subclass extending one of the following classes from the `grails.plugin.springsecurity.web.access.intercept` package, depending on their security configuration: * `AnnotationFilterInvocationDefinition` * `InterceptUrlMapFilterInvocationDefinition` * `RequestmapFilterInvocationDefinition` In each case, the subclass should override the `calculateUri` method like so: ``` @Override protected String calculateUri(HttpServletRequest request) { UrlPathHelper.defaultInstance.getRequestUri(request) } ``` This should be considered a temporary measure, as the patched versions of grails-spring-security-core deprecates the `calculateUri` method. Once upgraded to a patched version of the plugin, this workaround is no longer needed. The workaround is especially important for version 2.x, as no patch is available version 2.x of the GSSC plugin."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-23T00:00:00.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/grails/grails-spring-security-core/security/advisories/GHSA-frqg-vvxg-jqqh"
},
{
"url": "https://github.com/grails/GSSC-CVE-2022-41923"
},
{
"url": "https://grails.org/blog/2022-11-22-ss-plugin-auth-cve.html"
}
],
"source": {
"advisory": "GHSA-frqg-vvxg-jqqh",
"discovery": "UNKNOWN"
},
"title": "Grails Spring Security Core plugin vulnerable to privilege escalation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-41923",
"datePublished": "2022-11-23T00:00:00.000Z",
"dateReserved": "2022-09-30T00:00:00.000Z",
"dateUpdated": "2025-04-23T16:35:37.187Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-35912 (GCVE-0-2022-35912)
Vulnerability from cvelistv5 – Published: 2022-07-19 15:56 – Updated: 2024-08-03 09:44
VLAI?
Summary
In grails-databinding in Grails before 3.3.15, 4.x before 4.1.1, 5.x before 5.1.9, and 5.2.x before 5.2.1 (at least when certain Java 8 configurations are used), data binding allows a remote attacker to execute code by gaining access to the class loader.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:44:22.117Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/grails/grails-core/security/advisories/GHSA-6rh6-x8ww-9h97"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://grails.org/blog/2022-07-18-rce-vulnerability.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/grails/grails-core/issues/12626"
},
{
"name": "[oss-security] 20220720 Grails Framework Remote Code Execution Vulnerability, CVE-2022-35912",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/20/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In grails-databinding in Grails before 3.3.15, 4.x before 4.1.1, 5.x before 5.1.9, and 5.2.x before 5.2.1 (at least when certain Java 8 configurations are used), data binding allows a remote attacker to execute code by gaining access to the class loader."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-20T23:06:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/grails/grails-core/security/advisories/GHSA-6rh6-x8ww-9h97"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://grails.org/blog/2022-07-18-rce-vulnerability.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/grails/grails-core/issues/12626"
},
{
"name": "[oss-security] 20220720 Grails Framework Remote Code Execution Vulnerability, CVE-2022-35912",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/20/4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-35912",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In grails-databinding in Grails before 3.3.15, 4.x before 4.1.1, 5.x before 5.1.9, and 5.2.x before 5.2.1 (at least when certain Java 8 configurations are used), data binding allows a remote attacker to execute code by gaining access to the class loader."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/grails/grails-core/security/advisories/GHSA-6rh6-x8ww-9h97",
"refsource": "CONFIRM",
"url": "https://github.com/grails/grails-core/security/advisories/GHSA-6rh6-x8ww-9h97"
},
{
"name": "https://grails.org/blog/2022-07-18-rce-vulnerability.html",
"refsource": "CONFIRM",
"url": "https://grails.org/blog/2022-07-18-rce-vulnerability.html"
},
{
"name": "https://github.com/grails/grails-core/issues/12626",
"refsource": "CONFIRM",
"url": "https://github.com/grails/grails-core/issues/12626"
},
{
"name": "[oss-security] 20220720 Grails Framework Remote Code Execution Vulnerability, CVE-2022-35912",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/07/20/4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-35912",
"datePublished": "2022-07-19T15:56:59",
"dateReserved": "2022-07-15T00:00:00",
"dateUpdated": "2024-08-03T09:44:22.117Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12728 (GCVE-0-2019-12728)
Vulnerability from cvelistv5 – Published: 2019-06-04 12:41 – Updated: 2024-08-04 23:32
VLAI?
Summary
Grails before 3.3.10 used cleartext HTTP to resolve the SDKMan notification service. NOTE: users' apps were not resolving dependencies over cleartext HTTP.
Severity ?
8.1 (High)
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:32:53.970Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://objectcomputing.com/news/2019/05/30/possible-grails-mitm-vulnerability"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/grails/grails-core/issues/11250"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Grails before 3.3.10 used cleartext HTTP to resolve the SDKMan notification service. NOTE: users\u0027 apps were not resolving dependencies over cleartext HTTP."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-04T12:41:49",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://objectcomputing.com/news/2019/05/30/possible-grails-mitm-vulnerability"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/grails/grails-core/issues/11250"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12728",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Grails before 3.3.10 used cleartext HTTP to resolve the SDKMan notification service. NOTE: users\u0027 apps were not resolving dependencies over cleartext HTTP."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://objectcomputing.com/news/2019/05/30/possible-grails-mitm-vulnerability",
"refsource": "MISC",
"url": "https://objectcomputing.com/news/2019/05/30/possible-grails-mitm-vulnerability"
},
{
"name": "https://github.com/grails/grails-core/issues/11250",
"refsource": "MISC",
"url": "https://github.com/grails/grails-core/issues/11250"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12728",
"datePublished": "2019-06-04T12:41:49",
"dateReserved": "2019-06-04T00:00:00",
"dateUpdated": "2024-08-04T23:32:53.970Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1000529 (GCVE-0-2018-1000529)
Vulnerability from cvelistv5 – Published: 2018-06-26 16:00 – Updated: 2024-08-05 12:40
VLAI?
Summary
Grails Fields plugin version 2.2.7 contains a Cross Site Scripting (XSS) vulnerability in Using the display tag that can result in XSS . This vulnerability appears to have been fixed in 2.2.8.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:40:47.186Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/grails-fields-plugin/grails-fields/issues/278"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/martinfrancois/CVE-2018-1000529"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-06-23T00:00:00",
"datePublic": "2018-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Grails Fields plugin version 2.2.7 contains a Cross Site Scripting (XSS) vulnerability in Using the display tag that can result in XSS . This vulnerability appears to have been fixed in 2.2.8."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-05T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/grails-fields-plugin/grails-fields/issues/278"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/martinfrancois/CVE-2018-1000529"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-06-23T11:22:33.039719",
"DATE_REQUESTED": "2018-05-24T16:06:51",
"ID": "CVE-2018-1000529",
"REQUESTER": "soeren@glasius.dk",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Grails Fields plugin version 2.2.7 contains a Cross Site Scripting (XSS) vulnerability in Using the display tag that can result in XSS . This vulnerability appears to have been fixed in 2.2.8."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/grails-fields-plugin/grails-fields/issues/278",
"refsource": "MISC",
"url": "https://github.com/grails-fields-plugin/grails-fields/issues/278"
},
{
"name": "https://github.com/martinfrancois/CVE-2018-1000529",
"refsource": "MISC",
"url": "https://github.com/martinfrancois/CVE-2018-1000529"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000529",
"datePublished": "2018-06-26T16:00:00",
"dateReserved": "2018-05-24T00:00:00",
"dateUpdated": "2024-08-05T12:40:47.186Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3626 (GCVE-0-2014-3626)
Vulnerability from cvelistv5 – Published: 2018-03-19 13:00 – Updated: 2024-09-17 03:59
VLAI?
Summary
The Grails Resource Plugin often has to exchange URIs for resources with other internal components. Those other components will decode any URI passed to them. To protect against directory traversal the Grails Resource Plugin did the following: normalized the URI, checked the normalized URI did not step outside the appropriate root directory (e.g. the web application root), decoded the URI and checked that this did not introduce additional /../ (and similar) sequences. A bug was introduced where the Grails Resource Plugin before 1.2.13 returned the decoded version of the URI rather than the normalized version of the URI after the directory traversal check. This exposed a double decoding vulnerability. To address this issue, the Grails Resource Plugin now repeatedly decodes the URI up to three times or until decoding no longer changes the URI. If the decode limit of 3 is exceeded the URI is rejected. A side-effect of this is that the Grails Resource Plugin is unable to serve a resource that includes a '%' character in the full path to the resource. Not all environments are vulnerable because of the differences in URL resolving in different servlet containers. Applications deployed to Tomcat 8 and Jetty 9 were found not not be vulnerable, however applications deployed to JBoss EAP 6.3 / JBoss AS 7.4 and JBoss AS 7.1 were found to be vulnerable (other JBoss versions weren't tested). In certain cases JBoss returns JBoss specific vfs protocol urls from URL resolution methods (ClassLoader.getResources). The JBoss vfs URL protocol supports resolving any file on the filesystem. This made the directory traversal possible. There may be other containers, in addition to JBoss, on which this vulnerability is exposed.
Severity ?
No CVSS data available.
CWE
- Directory Traversal
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell EMC | Grails by Pivotal |
Affected:
Resources plugin versions 1.2.0 - 1.2.12. Earlier versions may also be affected but were not assessed
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:50:18.231Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2014-3626"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Grails by Pivotal",
"vendor": "Dell EMC",
"versions": [
{
"status": "affected",
"version": "Resources plugin versions 1.2.0 - 1.2.12. Earlier versions may also be affected but were not assessed"
}
]
}
],
"datePublic": "2017-05-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Grails Resource Plugin often has to exchange URIs for resources with other internal components. Those other components will decode any URI passed to them. To protect against directory traversal the Grails Resource Plugin did the following: normalized the URI, checked the normalized URI did not step outside the appropriate root directory (e.g. the web application root), decoded the URI and checked that this did not introduce additional /../ (and similar) sequences. A bug was introduced where the Grails Resource Plugin before 1.2.13 returned the decoded version of the URI rather than the normalized version of the URI after the directory traversal check. This exposed a double decoding vulnerability. To address this issue, the Grails Resource Plugin now repeatedly decodes the URI up to three times or until decoding no longer changes the URI. If the decode limit of 3 is exceeded the URI is rejected. A side-effect of this is that the Grails Resource Plugin is unable to serve a resource that includes a \u0027%\u0027 character in the full path to the resource. Not all environments are vulnerable because of the differences in URL resolving in different servlet containers. Applications deployed to Tomcat 8 and Jetty 9 were found not not be vulnerable, however applications deployed to JBoss EAP 6.3 / JBoss AS 7.4 and JBoss AS 7.1 were found to be vulnerable (other JBoss versions weren\u0027t tested). In certain cases JBoss returns JBoss specific vfs protocol urls from URL resolution methods (ClassLoader.getResources). The JBoss vfs URL protocol supports resolving any file on the filesystem. This made the directory traversal possible. There may be other containers, in addition to JBoss, on which this vulnerability is exposed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory Traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-19T12:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2014-3626"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2017-05-25T00:00:00",
"ID": "CVE-2014-3626",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Grails by Pivotal",
"version": {
"version_data": [
{
"version_value": "Resources plugin versions 1.2.0 - 1.2.12. Earlier versions may also be affected but were not assessed"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Grails Resource Plugin often has to exchange URIs for resources with other internal components. Those other components will decode any URI passed to them. To protect against directory traversal the Grails Resource Plugin did the following: normalized the URI, checked the normalized URI did not step outside the appropriate root directory (e.g. the web application root), decoded the URI and checked that this did not introduce additional /../ (and similar) sequences. A bug was introduced where the Grails Resource Plugin before 1.2.13 returned the decoded version of the URI rather than the normalized version of the URI after the directory traversal check. This exposed a double decoding vulnerability. To address this issue, the Grails Resource Plugin now repeatedly decodes the URI up to three times or until decoding no longer changes the URI. If the decode limit of 3 is exceeded the URI is rejected. A side-effect of this is that the Grails Resource Plugin is unable to serve a resource that includes a \u0027%\u0027 character in the full path to the resource. Not all environments are vulnerable because of the differences in URL resolving in different servlet containers. Applications deployed to Tomcat 8 and Jetty 9 were found not not be vulnerable, however applications deployed to JBoss EAP 6.3 / JBoss AS 7.4 and JBoss AS 7.1 were found to be vulnerable (other JBoss versions weren\u0027t tested). In certain cases JBoss returns JBoss specific vfs protocol urls from URL resolution methods (ClassLoader.getResources). The JBoss vfs URL protocol supports resolving any file on the filesystem. This made the directory traversal possible. There may be other containers, in addition to JBoss, on which this vulnerability is exposed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2014-3626",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2014-3626"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2014-3626",
"datePublished": "2018-03-19T13:00:00Z",
"dateReserved": "2014-05-14T00:00:00",
"dateUpdated": "2024-09-17T03:59:34.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6344 (GCVE-0-2017-6344)
Vulnerability from cvelistv5 – Published: 2017-02-27 07:25 – Updated: 2024-08-05 15:25
VLAI?
Summary
XML External Entity (XXE) vulnerability in Grails PDF Plugin 0.6 allows remote attackers to read arbitrary files via a crafted XML document.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:25:49.058Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ambionics.io/blog/grails-pdf-plugin-xxe"
},
{
"name": "96446",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96446"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-02-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XML External Entity (XXE) vulnerability in Grails PDF Plugin 0.6 allows remote attackers to read arbitrary files via a crafted XML document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-01T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ambionics.io/blog/grails-pdf-plugin-xxe"
},
{
"name": "96446",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96446"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6344",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XML External Entity (XXE) vulnerability in Grails PDF Plugin 0.6 allows remote attackers to read arbitrary files via a crafted XML document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ambionics.io/blog/grails-pdf-plugin-xxe",
"refsource": "MISC",
"url": "https://www.ambionics.io/blog/grails-pdf-plugin-xxe"
},
{
"name": "96446",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96446"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6344",
"datePublished": "2017-02-27T07:25:00",
"dateReserved": "2017-02-26T00:00:00",
"dateUpdated": "2024-08-05T15:25:49.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}