High severity8.8NVD Advisory· Published Jan 23, 2017· Updated May 13, 2026

CVE-2016-6521

Description

Cross-site request forgery (CSRF) vulnerability in Grails console (aka Grails Debug Console and Grails Web Console) 2.0.7, 1.5.10, and earlier allows remote attackers to hijack the authentication of users for requests that execute arbitrary Groovy code via unspecified vectors.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.openwall.com/lists/oss-security/2016/08/02/11nvdPatchThird Party Advisory
www.openwall.com/lists/oss-security/2016/08/02/2nvdPatchThird Party Advisory
github.com/sheehan/grails-console/issues/55nvdPatchVendor Advisory
github.com/sheehan/grails-console/issues/54nvdExploitVendor Advisory
www.openwall.com/lists/oss-security/2016/08/03/9nvdThird Party Advisory
www.securityfocus.com/bid/92267nvd

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000