{"id":"CVE-2018-17605","details":"An issue was discovered in the Asset Pipeline plugin before 3.0.4 for Grails. An attacker can perform directory traversal via a crafted request when a servlet-based application is executed in Jetty, because there is a classloader vulnerability that can allow a reverse file traversal route in AssetPipelineFilter.groovy or AssetPipelineFilterCore.groovy.","aliases":["GHSA-g7wm-22m6-5774"],"modified":"2026-04-10T04:07:06.961613Z","published":"2018-09-28T09:29:01.213Z","references":[{"type":"ADVISORY","url":"https://github.com/grails/grails-core/issues/11068"},{"type":"FIX","url":"https://github.com/bertramdev/asset-pipeline/commit/a29533c52e4b60e244082433e116d2a038d01017"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/bertramdev/asset-pipeline","events":[{"introduced":"0"},{"fixed":"a29533c52e4b60e244082433e116d2a038d01017"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"3.0.4"}]}},{"type":"GIT","repo":"https://github.com/wondrify/asset-pipeline","events":[{"introduced":"0"},{"fixed":"a29533c52e4b60e244082433e116d2a038d01017"}]}],"versions":["rel-0.6.1","rel-0.6.3","rel-2.0.10","rel-2.0.16","rel-2.0.17","rel-2.0.3","rel-2.0.4","rel-2.1.0","rel-2.1.1","rel-2.10.0","rel-2.10.1","rel-2.10.2","rel-2.10.3","rel-2.11.0","rel-2.11.1","rel-2.11.3","rel-2.11.5","rel-2.11.6","rel-2.12.0","rel-2.12.2","rel-2.12.4","rel-2.12.5","rel-2.12.6","rel-2.12.7","rel-2.12.8","rel-2.12.9","rel-2.13.0","rel-2.13.1","rel-2.13.2","rel-2.14.0","rel-2.14.10","rel-2.14.3","rel-2.15.0","rel-2.2.0","rel-2.2.1","rel-2.2.3","rel-2.2.4","rel-2.2.5","rel-2.3.0","rel-2.3.2","rel-2.3.4","rel-2.3.7","rel-2.4.0","rel-2.4.1","rel-2.4.2","rel-2.4.3","rel-2.5.0","rel-2.5.2","rel-2.5.3","rel-2.5.4","rel-2.5.8","rel-2.6.0","rel-2.6.2","rel-2.6.3","rel-2.6.4","rel-2.6.7","rel-2.7.0","rel-2.7.2","rel-2.7.4","rel-2.8.0","rel-2.8.1","rel-2.8.2","rel-2.9.0","rel-2.9.1","rel-3.0.0","rel-3.0.1","rel-3.0.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-17605.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}