Remote Code Execution (RCE) Vulnerability in Groovy Script Rendering

Remote Code Execution (RCE) Vulnerability in Groovy Script Rendering

CVE-2021-23259 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Authenticated users with Administrator or Developer roles may execute OS commands by Groovy Script which uses Groovy lib to render a webpage. The groovy script does not have security restrictions, which will cause attackers to execute arbitrary commands remotely(RCE).

Learn more about our Web App Pen Testing.