VYPR
Vendor: Grails

Products: 6
CVEs: 5
Across products: 5
Status: Private

Recent CVEs (5)
  • CVE-2016-6521 | High | Jan 23, 2017
    risk 0.57 | cvss 8.8 | epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Grails console (aka Grails Debug Console and Grails Web Console) 2.0.7, 1.5.10, and earlier allows remote attackers to hijack the authentication of users for requests that execute arbitrary Groovy code via unspecified vectors.

  • CVE-2014-3626 | High | Mar 19, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    The Grails Resource Plugin often has to exchange URIs for resources with other internal components. Those other components will decode any URI passed to them. To protect against directory traversal the Grails Resource Plugin did the following: normalized the URI, checked the…

  • CVE-2017-6344 | Med | Feb 27, 2017
    risk 0.38 | cvss 5.9 | epss 0.01

    XML External Entity (XXE) vulnerability in Grails PDF Plugin 0.6 allows remote attackers to read arbitrary files via a crafted XML document.

  • CVE-2022-45448 | Sep 20, 2023
    risk 0.00 | cvss | epss 0.00

    M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to an arbitrary HTML Document crafting vulnerability. The resource /m4pdf/pdf.php uses templates to dynamically create documents. In the case that the template does not exist, the application will…

  • CVE-2022-41923 | Nov 23, 2022
    risk 0.00 | cvss | epss 0.02

    Grails Spring Security Core plugin is vulnerable to privilege escalation. The vulnerability allows an attacker access to one endpoint (i.e. the targeted endpoint) using the authorization requirements of a different endpoint (i.e. the donor endpoint). In some Grails framework…