High severity7.5NVD Advisory· Published Sep 28, 2018· Updated Jun 17, 2026
CVE-2018-17605
CVE-2018-17605
Description
An issue was discovered in the Asset Pipeline plugin before 3.0.4 for Grails. An attacker can perform directory traversal via a crafted request when a servlet-based application is executed in Jetty, because there is a classloader vulnerability that can allow a reverse file traversal route in AssetPipelineFilter.groovy or AssetPipelineFilterCore.groovy.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.grails.plugins:asset-pipelineMaven | < 3.0.4 | 3.0.4 |
Affected products
1Patches
Vulnerability mechanics
References
4- github.com/bertramdev/asset-pipeline/commit/a29533c52e4b60e244082433e116d2a038d01017nvdPatchWEB
- github.com/advisories/GHSA-g7wm-22m6-5774ghsaADVISORY
- github.com/grails/grails-core/issues/11068nvdThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2018-17605ghsaADVISORY
News mentions
0No linked articles in our index yet.