CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-46131 – Grails® data binding causes JVM crash and/or DoS
https://notcve.org/view.php?id=CVE-2023-46131
20 Dec 2023 — Grails is a framework used to build web applications with the Groovy programming language. A specially crafted web request can lead to a JVM crash or denial of service. Any Grails framework application using Grails data binding is vulnerable. This issue has been patched in version 3.3.17, 4.1.3, 5.3.4, 6.1.0. Grails es un framework utilizado para crear aplicaciones web con el lenguaje de programación Groovy. • https://github.com/grails/grails-core/commit/74326bdd2cf7dcb594092165e9464520f8366c60 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-12728
https://notcve.org/view.php?id=CVE-2019-12728
04 Jun 2019 — Grails before 3.3.10 used cleartext HTTP to resolve the SDKMan notification service. NOTE: users' apps were not resolving dependencies over cleartext HTTP. Grails anterior de la versión 3.3.10 usaba cleartext HTTP para resolver el servicio de notificación SDKMan. NOTA: las aplicaciones de los usuarios no resolvían las posesiones a través de HTTP de texto simple. • https://github.com/grails/grails-core/issues/11250 • CWE-494: Download of Code Without Integrity Check •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2016-6521
https://notcve.org/view.php?id=CVE-2016-6521
23 Jan 2017 — Cross-site request forgery (CSRF) vulnerability in Grails console (aka Grails Debug Console and Grails Web Console) 2.0.7, 1.5.10, and earlier allows remote attackers to hijack the authentication of users for requests that execute arbitrary Groovy code via unspecified vectors. Vulnerabilidad de CSRF en la consola de Grails (también conocida como Grails Debug Console y Grails Web Console) 2.0.7, 1.5.10 y versiones anteriores permite a atacantes remotos secuestrar la autenticación de usuarios para solicitudes... • http://www.openwall.com/lists/oss-security/2016/08/02/11 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 0%CPEs: 16EXPL: 1CVE-2012-1833
https://notcve.org/view.php?id=CVE-2012-1833
28 Sep 2012 — VMware SpringSource Grails before 1.3.8, and 2.x before 2.0.2, does not properly restrict data binding, which might allow remote attackers to bypass intended access restrictions and modify arbitrary object properties via a crafted request parameter to an application. VMware SpringSource Grails antes de v1.3.8, y v2.x antes de v2.0.2, no restringe correctamente el enlace a los datos, lo que podría permitir a atacantes remotos eludir las restricciones de acceso y modificar las propiedades de objetos de su ele... • http://secunia.com/advisories/51113 • CWE-264: Permissions, Privileges, and Access Controls •