Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in the Asset Pipeline plugin before 3.0.4 for Grails. An attacker can perform directory traversal via a crafted request when a servlet-based application is executed in Jetty, because there is a classloader vulnerability that can allow a reverse file traversal route in AssetPipelineFilter.groovy or AssetPipelineFilterCore.groovy.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Grails Asset Pipeline插件安全漏洞
Vulnerability Description
Grails是Grails项目开发的一套基于Groovy编程语言且用于快速开发Web应用的开源框架。Asset Pipeline plugin是使用在其中的一个用于处理静态资源的插件。 Grails Asset Pipeline插件3.0.4之前版本中存在安全漏洞。攻击者可利用该漏洞读取受影响程序的源代码。
CVSS Information
N/A
Vulnerability Type
N/A