Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

File reading vulnerability #11068

Closed
RicterZ opened this issue Aug 17, 2018 · 3 comments
Closed

File reading vulnerability #11068

RicterZ opened this issue Aug 17, 2018 · 3 comments

Comments

@RicterZ
Copy link

RicterZ commented Aug 17, 2018
edited
Loading

Hi, grails has a file reading vulnerability which can read source code (java bytecode) of affected applications. This flaw needs the grails packed to war, and the application is running on the jetty.

Reproduce

Masked

Expected Behaviour

404 or 403

Actual Behaviour

Masked

Environment Information

  • Operating System: Windows
  • Grails Version: the latest version
  • JDK Version: 1.8.0_181
@jameskleeh
Copy link
Contributor

@RicterZ This would be an issue with Spring Boot. Also for future reference it's a bad idea to report security vulnerabilities to a public issue tracker.

@jameskleeh
Copy link
Contributor

jameskleeh commented Aug 17, 2018
edited by osscontributor
Loading

I have contacted the pivotal security team and sent them this issue.

@RicterZ
Copy link
Author

RicterZ commented Aug 17, 2018

Thanks for your response, I removed the details

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jameskleeh @RicterZ