Skip to main content

Grails

7 CVEs product

Monthly

CVE-2023-46131 Maven HIGH PATCH This Week

Grails is a framework used to build web applications with the Groovy programming language. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Grails
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2019-12728 Maven HIGH POC PATCH This Week

Grails before 3.3.10 used cleartext HTTP to resolve the SDKMan notification service. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Grails
NVD GitHub
CVSS 3.1
8.1
EPSS
0.8%
CVE-2016-6521 HIGH POC PATCH This Week

Cross-site request forgery (CSRF) vulnerability in Grails console (aka Grails Debug Console and Grails Web Console) 2.0.7, 1.5.10, and earlier allows remote attackers to hijack the authentication of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Grails
NVD GitHub VulDB
CVSS 3.0
8.8
EPSS
0.3%
CVE-2014-2858 MEDIUM This Month

Directory traversal vulnerability in the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 through 2.3.6 allows remote attackers to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Grails Resources Grails
NVD VulDB
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-2857 MEDIUM This Month

The default configuration of the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 through 2.3.6 does not properly restrict access to files in the META-INF directory, which allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Grails Resources Grails
NVD VulDB
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-0053 MEDIUM This Month

The default configuration of the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 before 2.3.6 does not properly restrict access to files in the WEB-INF directory, which allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Privilege Escalation Grails Resources Grails
NVD VulDB
CVSS 2.0
5.0
EPSS
0.7%
CVE-2012-1833 MEDIUM POC This Month

VMware SpringSource Grails before 1.3.8, and 2.x before 2.0.2, does not properly restrict data binding, which might allow remote attackers to bypass intended access restrictions and modify arbitrary. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation VMware Grails
NVD
CVSS 2.0
5.0
EPSS
0.2%
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Grails is a framework used to build web applications with the Groovy programming language. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Grails
NVD GitHub
EPSS 1% CVSS 8.1
HIGH POC PATCH This Week

Grails before 3.3.10 used cleartext HTTP to resolve the SDKMan notification service. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Grails
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

Cross-site request forgery (CSRF) vulnerability in Grails console (aka Grails Debug Console and Grails Web Console) 2.0.7, 1.5.10, and earlier allows remote attackers to hijack the authentication of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Grails
NVD GitHub VulDB
EPSS 0% CVSS 5.0
MEDIUM This Month

Directory traversal vulnerability in the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 through 2.3.6 allows remote attackers to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Grails Resources Grails
NVD VulDB
EPSS 0% CVSS 5.0
MEDIUM This Month

The default configuration of the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 through 2.3.6 does not properly restrict access to files in the META-INF directory, which allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Grails Resources Grails
NVD VulDB
EPSS 1% CVSS 5.0
MEDIUM This Month

The default configuration of the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 before 2.3.6 does not properly restrict access to files in the WEB-INF directory, which allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Privilege Escalation Grails Resources +1
NVD VulDB
EPSS 0% CVSS 5.0
MEDIUM POC This Month

VMware SpringSource Grails before 1.3.8, and 2.x before 2.0.2, does not properly restrict data binding, which might allow remote attackers to bypass intended access restrictions and modify arbitrary. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation VMware Grails
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy