CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-17605

An issue was discovered in the Asset Pipeline plugin before 3.0.4 for Grails. An attacker can perform directory traversal via a crafted request when a servlet-based application is executed in Jetty, because there is a classloader vulnerability that can allow a reverse file traversal route in AssetPipelineFilter.groovy or AssetPipelineFilterCore.groovy.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 63.2%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

Products affected by CVE-2018-17605

Asset Pipeline Project » Asset-Pipeline » Version: 0.6.1

cpe:2.3:a:asset_pipeline_project:asset-pipeline:0.6.1
Asset Pipeline Project » Asset-Pipeline » Version: 0.6.3

cpe:2.3:a:asset_pipeline_project:asset-pipeline:0.6.3
Asset Pipeline Project » Asset-Pipeline » Version: 2.0.10

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.0.10
Asset Pipeline Project » Asset-Pipeline » Version: 2.0.16

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.0.16
Asset Pipeline Project » Asset-Pipeline » Version: 2.0.17

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.0.17
Asset Pipeline Project » Asset-Pipeline » Version: 2.0.3

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.0.3
Asset Pipeline Project » Asset-Pipeline » Version: 2.0.4

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.0.4
Asset Pipeline Project » Asset-Pipeline » Version: 2.1.0

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.1.0
Asset Pipeline Project » Asset-Pipeline » Version: 2.1.1

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.1.1
Asset Pipeline Project » Asset-Pipeline » Version: 2.10.0

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.10.0
Asset Pipeline Project » Asset-Pipeline » Version: 2.10.1

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.10.1
Asset Pipeline Project » Asset-Pipeline » Version: 2.10.2

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.10.2
Asset Pipeline Project » Asset-Pipeline » Version: 2.10.3

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.10.3
Asset Pipeline Project » Asset-Pipeline » Version: 2.11.0

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.11.0
Asset Pipeline Project » Asset-Pipeline » Version: 2.11.1

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.11.1
Asset Pipeline Project » Asset-Pipeline » Version: 2.11.3

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.11.3
Asset Pipeline Project » Asset-Pipeline » Version: 2.11.5

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.11.5
Asset Pipeline Project » Asset-Pipeline » Version: 2.11.6

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.11.6
Asset Pipeline Project » Asset-Pipeline » Version: 2.12.0

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.12.0
Asset Pipeline Project » Asset-Pipeline » Version: 2.12.2

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.12.2
Asset Pipeline Project » Asset-Pipeline » Version: 2.12.4

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.12.4
Asset Pipeline Project » Asset-Pipeline » Version: 2.12.5

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.12.5
Asset Pipeline Project » Asset-Pipeline » Version: 2.12.6

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.12.6
Asset Pipeline Project » Asset-Pipeline » Version: 2.12.7

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.12.7
Asset Pipeline Project » Asset-Pipeline » Version: 2.12.8

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.12.8
Asset Pipeline Project » Asset-Pipeline » Version: 2.12.9

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.12.9
Asset Pipeline Project » Asset-Pipeline » Version: 2.13.0

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.13.0
Asset Pipeline Project » Asset-Pipeline » Version: 2.13.1

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.13.1
Asset Pipeline Project » Asset-Pipeline » Version: 2.13.2

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.13.2
Asset Pipeline Project » Asset-Pipeline » Version: 2.14.0

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.14.0
Asset Pipeline Project » Asset-Pipeline » Version: 2.14.10

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.14.10
Asset Pipeline Project » Asset-Pipeline » Version: 2.14.3

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.14.3
Asset Pipeline Project » Asset-Pipeline » Version: 2.14.4

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.14.4
Asset Pipeline Project » Asset-Pipeline » Version: 2.14.7

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.14.7
Asset Pipeline Project » Asset-Pipeline » Version: 2.15.0

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.15.0
Asset Pipeline Project » Asset-Pipeline » Version: 2.15.1

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.15.1
Asset Pipeline Project » Asset-Pipeline » Version: 2.2.0

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.2.0
Asset Pipeline Project » Asset-Pipeline » Version: 2.2.1

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.2.1
Asset Pipeline Project » Asset-Pipeline » Version: 2.2.3

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.2.3
Asset Pipeline Project » Asset-Pipeline » Version: 2.2.4

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.2.4
Asset Pipeline Project » Asset-Pipeline » Version: 2.2.5

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.2.5
Asset Pipeline Project » Asset-Pipeline » Version: 2.3.0

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.3.0
Asset Pipeline Project » Asset-Pipeline » Version: 2.3.2

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.3.2
Asset Pipeline Project » Asset-Pipeline » Version: 2.3.4

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.3.4
Asset Pipeline Project » Asset-Pipeline » Version: 2.3.7

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.3.7
Asset Pipeline Project » Asset-Pipeline » Version: 2.3.8

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.3.8
Asset Pipeline Project » Asset-Pipeline » Version: 2.4.0

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.4.0
Asset Pipeline Project » Asset-Pipeline » Version: 2.4.1

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.4.1
Asset Pipeline Project » Asset-Pipeline » Version: 2.4.2

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.4.2
Asset Pipeline Project » Asset-Pipeline » Version: 2.4.3

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.4.3
Asset Pipeline Project » Asset-Pipeline » Version: 2.5.0

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.5.0
Asset Pipeline Project » Asset-Pipeline » Version: 2.5.2

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.5.2
Asset Pipeline Project » Asset-Pipeline » Version: 2.5.3

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.5.3
Asset Pipeline Project » Asset-Pipeline » Version: 2.5.4

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.5.4
Asset Pipeline Project » Asset-Pipeline » Version: 2.5.8

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.5.8
Asset Pipeline Project » Asset-Pipeline » Version: 2.6.0

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.6.0
Asset Pipeline Project » Asset-Pipeline » Version: 2.6.2

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.6.2
Asset Pipeline Project » Asset-Pipeline » Version: 2.6.3

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.6.3
Asset Pipeline Project » Asset-Pipeline » Version: 2.6.4

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.6.4
Asset Pipeline Project » Asset-Pipeline » Version: 2.6.7

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.6.7
Asset Pipeline Project » Asset-Pipeline » Version: 2.6.9

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.6.9
Asset Pipeline Project » Asset-Pipeline » Version: 2.7.0

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.7.0
Asset Pipeline Project » Asset-Pipeline » Version: 2.7.2

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.7.2
Asset Pipeline Project » Asset-Pipeline » Version: 2.7.4

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.7.4
Asset Pipeline Project » Asset-Pipeline » Version: 2.8.0

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.8.0
Asset Pipeline Project » Asset-Pipeline » Version: 2.8.1

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.8.1
Asset Pipeline Project » Asset-Pipeline » Version: 2.8.2

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.8.2
Asset Pipeline Project » Asset-Pipeline » Version: 2.9.0

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.9.0
Asset Pipeline Project » Asset-Pipeline » Version: 2.9.1

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.9.1
Asset Pipeline Project » Asset-Pipeline » Version: 2.9.2

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.9.2
Asset Pipeline Project » Asset-Pipeline » Version: 2.9.3

cpe:2.3:a:asset_pipeline_project:asset-pipeline:2.9.3
Asset Pipeline Project » Asset-Pipeline » Version: 3.0.0

cpe:2.3:a:asset_pipeline_project:asset-pipeline:3.0.0
Asset Pipeline Project » Asset-Pipeline » Version: 3.0.1

cpe:2.3:a:asset_pipeline_project:asset-pipeline:3.0.1
Asset Pipeline Project » Asset-Pipeline » Version: 3.0.2

cpe:2.3:a:asset_pipeline_project:asset-pipeline:3.0.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-17605

Products

Pricing

Contact Us