CVE-2018-1000817: Path Traversal

December 20, 2018 (updated October 3, 2019)

The Asset Pipeline Grails Plugin contains an Incorrect Access Control vulnerability in Applications deployed in Jetty that can result in arbitrary file downloads.

References

nvd.nist.gov/vuln/detail/CVE-2018-1000817

Detect and mitigate CVE-2018-1000817 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →