Cross-site request forgery (CSRF) vulnerability in Grails console (aka Grails Debug Console and Grails Web Console) 2.0.7, 1.5.10, and earlier allows remote attackers to hijack the authentication of users for requests that execute arbitrary Groovy code via unspecified vectors.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2016/08/02/11 | Patch Third Party Advisory |
http://www.openwall.com/lists/oss-security/2016/08/02/2 | Patch Third Party Advisory |
http://www.openwall.com/lists/oss-security/2016/08/03/9 | Third Party Advisory |
http://www.securityfocus.com/bid/92267 | |
https://github.com/sheehan/grails-console/issues/54 | Exploit Vendor Advisory |
https://github.com/sheehan/grails-console/issues/55 | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2017-01-23T21:00:00
Updated: 2017-01-24T10:57:01
Reserved: 2016-08-02T00:00:00
Link: CVE-2016-6521
JSON object: View
NVD Information
Status : Modified
Published: 2017-01-23T21:59:02.080
Modified: 2017-01-26T02:59:02.207
Link: CVE-2016-6521
JSON object: View
Redhat Information
No data.
CWE