Maven package
org.grails.plugins/asset-pipeline
pkg:maven/org.grails.plugins/asset-pipeline
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-1000817 | Hig | 7.5 | < 2.14.1 | 2.14.1 | Dec 20, 2018 | Asset Pipeline Grails Plugin Asset-pipeline plugin version Prior to 2.14.1.1, 2.15.1 and 3.0.6 contains a Incorrect Access Control vulnerability in Applications deployed in Jetty that can result in Download .class files and any arbitrary file. This attack appear to be exploitable | |
| CVE-2018-17605 | Hig | 7.5 | < 3.0.4 | 3.0.4 | Sep 28, 2018 | An issue was discovered in the Asset Pipeline plugin before 3.0.4 for Grails. An attacker can perform directory traversal via a crafted request when a servlet-based application is executed in Jetty, because there is a classloader vulnerability that can allow a reverse file traver |
- affected < 2.14.1fixed 2.14.1
Asset Pipeline Grails Plugin Asset-pipeline plugin version Prior to 2.14.1.1, 2.15.1 and 3.0.6 contains a Incorrect Access Control vulnerability in Applications deployed in Jetty that can result in Download .class files and any arbitrary file. This attack appear to be exploitable
- affected < 3.0.4fixed 3.0.4
An issue was discovered in the Asset Pipeline plugin before 3.0.4 for Grails. An attacker can perform directory traversal via a crafted request when a servlet-based application is executed in Jetty, because there is a classloader vulnerability that can allow a reverse file traver