Vulnerability Details CVE-2016-6521
Cross-site request forgery (CSRF) vulnerability in Grails console (aka Grails Debug Console and Grails Web Console) 2.0.7, 1.5.10, and earlier allows remote attackers to hijack the authentication of users for requests that execute arbitrary Groovy code via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.6%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
- http://www.openwall.com/lists/oss-security/2016/08/02/11
- http://www.openwall.com/lists/oss-security/2016/08/02/2
- http://www.openwall.com/lists/oss-security/2016/08/03/9
- http://www.securityfocus.com/bid/92267
- https://github.com/sheehan/grails-console/issues/54
- https://github.com/sheehan/grails-console/issues/55
- http://www.openwall.com/lists/oss-security/2016/08/02/11
- http://www.openwall.com/lists/oss-security/2016/08/02/2
- http://www.openwall.com/lists/oss-security/2016/08/03/9
- http://www.securityfocus.com/bid/92267
- https://github.com/sheehan/grails-console/issues/54
- https://github.com/sheehan/grails-console/issues/55