CVE-2018-17605

Published: Sep 28, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

An issue was discovered in the Asset Pipeline plugin before 3.0.4 for Grails. An attacker can perform directory traversal via a crafted request when a servlet-based application is executed in Jetty, because there is a classloader vulnerability that can allow a reverse file traversal route in AssetPipelineFilter.groovy or AssetPipelineFilterCore.groovy.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/bertramdev/asset-pipeline/commit/a29533c52e4b60e244082433e116d2a038d01017

x_refsource_MISC

https://github.com/grails/grails-core/issues/11068

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-17605

Description

Affected Products

References