Описание
An issue was discovered in the Asset Pipeline plugin before 3.0.4 for Grails. An attacker can perform directory traversal via a crafted request when a servlet-based application is executed in Jetty, because there is a classloader vulnerability that can allow a reverse file traversal route in AssetPipelineFilter.groovy or AssetPipelineFilterCore.groovy.
Ссылки
- Patch
- Third Party Advisory
- Patch
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.0.4 (исключая)
cpe:2.3:a:asset_pipeline_project:asset-pipeline:*:*:*:*:*:grails:*:*
EPSS
Процентиль: 63%
0.00451
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
Asset Pipeline plugin for Grails vulnerable to Path Traversal
EPSS
Процентиль: 63%
0.00451
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-22