CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

The Grails Resource Plugin often has to exchange URIs for resources with other internal components. Those other components will decode any URI passed to them. To protect against directory traversal the Grails Resource Plugin did the following: normalized the URI, checked that the normalized URI did not step outside the appropriate root directory (e.g. the web application root), decoded the URI and checked that this did not introduce additional /../ (and similar) sequences. A bug was introduced where the Grails Resource Plugin before 1.2.13 returned the decoded version of the URI rather than the normalized version of the URI after the directory traversal check. This exposed a double decoding vulnerability.

Reference: https://pivotal.io/security/cve-2014-3626

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
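The check ordering described above, modelled as an added example (this is not the plugin's own code): `vulnerable_resolve` hands the decoded URI to a downstream component that decodes again, as versions before 1.2.13 did, while `fixed_resolve` hands over the normalized URI. The root directory, the URI samples and the `downstream` component are assumed for illustration.

```python
"""Models the traversal check and the double-decoding defect (example only)."""
import posixpath
from typing import Optional, Tuple
from urllib.parse import unquote

ROOT = "/webapp"  # assumed web application root (constructed for the example)


def _has_traversal(path: str) -> bool:
    """True if any path segment is '..' or '.' after splitting on '/'."""
    return any(seg in ("..", ".") for seg in path.split("/"))


def _check(uri: str) -> Optional[Tuple[str, str]]:
    """Normalize, check root, decode once, check again.

    Returns (normalized, decoded_once) when the URI passes, else None.
    """
    normalized = posixpath.normpath(posixpath.join(ROOT, uri.lstrip("/")))
    if not (normalized == ROOT or normalized.startswith(ROOT + "/")):
        return None  # normalized path stepped outside the root
    decoded = unquote(normalized)
    if _has_traversal(decoded) or not decoded.startswith(ROOT):
        return None  # decoding introduced a traversal sequence
    return normalized, decoded


def downstream(uri: str) -> str:
    """Assumed internal component: it decodes whatever URI it is handed."""
    return posixpath.normpath(unquote(uri))


def vulnerable_resolve(uri: str) -> Optional[str]:
    """Pre-1.2.13 behaviour: returns the DECODED URI after the check."""
    result = _check(uri)
    return None if result is None else downstream(result[1])


def fixed_resolve(uri: str) -> Optional[str]:
    """Fixed behaviour: returns the NORMALIZED URI after the check."""
    result = _check(uri)
    return None if result is None else downstream(result[0])


def escapes_root(path: Optional[str]) -> bool:
    """True if the final resolved path lies outside ROOT."""
    return path is not None and not (path == ROOT or path.startswith(ROOT + "/"))
```

A regression test for the fix is simply that `fixed_resolve` never yields a path for which `escapes_root` is true, whatever encoding depth the input uses.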