Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in Grails console (aka Grails Debug Console and Grails Web Console) 2.0.7, 1.5.10, and earlier allows remote attackers to hijack the authentication of users for requests that execute arbitrary Groovy code via unspecified vectors.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gopivotal | Grails | <= 1.5.9 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2016/08/02/11PatchThird Party Advisory
- http://www.openwall.com/lists/oss-security/2016/08/02/2PatchThird Party Advisory
- http://www.openwall.com/lists/oss-security/2016/08/03/9Third Party Advisory
- http://www.securityfocus.com/bid/92267
- https://github.com/sheehan/grails-console/issues/54ExploitVendor Advisory
- https://github.com/sheehan/grails-console/issues/55PatchVendor Advisory
- http://www.openwall.com/lists/oss-security/2016/08/02/11PatchThird Party Advisory
- http://www.openwall.com/lists/oss-security/2016/08/02/2PatchThird Party Advisory
- http://www.openwall.com/lists/oss-security/2016/08/03/9Third Party Advisory
- http://www.securityfocus.com/bid/92267
- https://github.com/sheehan/grails-console/issues/54ExploitVendor Advisory
- https://github.com/sheehan/grails-console/issues/55PatchVendor Advisory
FAQ
What is CVE-2016-6521?
CVE-2016-6521 is a vulnerability with a CVSS score of 8.8 (HIGH). Cross-site request forgery (CSRF) vulnerability in Grails console (aka Grails Debug Console and Grails Web Console) 2.0.7, 1.5.10, and earlier allows remote attackers to hijack the authentication of u...
How severe is CVE-2016-6521?
CVE-2016-6521 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-6521?
Check the references section above for vendor advisories and patch information. Affected products include: Gopivotal Grails.