Vulnerabilities > Grails
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-21 | CVE-2023-46131 | Unspecified vulnerability in Grails Grails is a framework used to build web applications with the Groovy programming language. | 7.5 |
| 2022-11-23 | CVE-2022-41923 | Incorrect Authorization vulnerability in Grails Spring Security Core Grails Spring Security Core plugin is vulnerable to privilege escalation. | 9.8 |
| 2022-07-19 | CVE-2022-35912 | Unspecified vulnerability in Grails In grails-databinding in Grails before 3.3.15, 4.x before 4.1.1, 5.x before 5.1.9, and 5.2.x before 5.2.1 (at least when certain Java 8 configurations are used), data binding allows a remote attacker to execute code by gaining access to the class loader. | 9.8 |
| 2019-06-04 | CVE-2019-12728 | Download of Code Without Integrity Check vulnerability in Grails Grails before 3.3.10 used cleartext HTTP to resolve the SDKMan notification service. | 8.1 |
| 2018-06-26 | CVE-2018-1000529 | Cross-site Scripting vulnerability in Grails Fields 2.2.7 Grails Fields plugin version 2.2.7 contains a Cross Site Scripting (XSS) vulnerability in Using the display tag that can result in XSS . | 6.1 |
| 2018-03-19 | CVE-2014-3626 | Path Traversal vulnerability in Grails Resources 1.2.0/1.2.12 The Grails Resource Plugin often has to exchange URIs for resources with other internal components. | 7.5 |
| 2017-02-27 | CVE-2017-6344 | XXE vulnerability in Grails PDF Plugin 0.6 XML External Entity (XXE) vulnerability in Grails PDF Plugin 0.6 allows remote attackers to read arbitrary files via a crafted XML document. | 5.9 |