CVE-2014-2858
Grails Resources Plugin 1.0.0-1.2.5 - Directory Traversal via Configured Block
Title source: llmDescription
Directory traversal vulnerability in the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 through 2.3.6 allows remote attackers to obtain sensitive information via unspecified vectors related to a "configured block." NOTE: this issue was SPLIT from CVE-2014-0053 per ADT2 due to different vulnerability types.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/531281/100/0/threaded
Vendor Advisory x_refsource_confirm
http://www.gopivotal.com/security/cve-2014-0053
Third Party Advisory mailing-list
x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0267.html
Scores
EPSS
0.0299
EPSS Percentile
85.7%
Details
CWE
CWE-22
Status
published
Products (38)
gopivotal/grails
2.0.0
gopivotal/grails
2.0.1
gopivotal/grails
2.0.2
gopivotal/grails
2.0.3
gopivotal/grails
2.0.4
gopivotal/grails
2.1.0
gopivotal/grails
2.1.1
gopivotal/grails
2.1.2
gopivotal/grails
2.1.3
gopivotal/grails
2.1.4
... and 28 more
Published
Apr 15, 2014
Tracked Since
Feb 18, 2026