VYPR

Maven package

org.grails.plugins/asset-pipeline

pkg:maven/org.grails.plugins/asset-pipeline

Vulnerabilities (2)

  • CVE-2018-1000817HigDec 20, 2018
    affected < 2.14.1fixed 2.14.1

    Asset Pipeline Grails Plugin Asset-pipeline plugin version Prior to 2.14.1.1, 2.15.1 and 3.0.6 contains a Incorrect Access Control vulnerability in Applications deployed in Jetty that can result in Download .class files and any arbitrary file. This attack appear to be exploitable

  • CVE-2018-17605HigSep 28, 2018
    affected < 3.0.4fixed 3.0.4

    An issue was discovered in the Asset Pipeline plugin before 3.0.4 for Grails. An attacker can perform directory traversal via a crafted request when a servlet-based application is executed in Jetty, because there is a classloader vulnerability that can allow a reverse file traver