Naver Ngrinder vulnerabilities
7 known vulnerabilities affecting naver/ngrinder.
Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 1, MEDIUM 2, LOW 1
Vulnerabilities
CVE-2024-28213 [CRITICAL] CWE-502 | P2 | CVSS 9.8 | fixed in 3.5.9 | 2024-03-07
nGrinder before 3.5.9 accepts serialized Java objects from unauthenticated users, which could allow a remote attacker to execute arbitrary code via unsafe Java object deserialization.
nvd
CVE-2024-28212 [CRITICAL] CWE-502 | P3 | CVSS 9.8 | fixed in 3.5.9 | 2024-03-07
nGrinder before 3.5.9 uses an old version of SnakeYAML, which could allow a remote attacker to execute arbitrary code via unsafe deserialization.
nvd
CVE-2024-28211 [CRITICAL] CWE-502 | P3 | CVSS 9.8 | fixed in 3.5.9 | 2024-03-07
nGrinder before 3.5.9 allows connection to a malicious JMX/RMI server by default, which could lead to arbitrary code execution via the RMI registry by a remote attacker.
nvd
CVE-2024-28215 [HIGH] CWE-862 | P3 | CVSS 7.5 | fixed in 3.5.9 | 2024-03-07
nGrinder before 3.5.9 allows an attacker to create or update webhook configuration due to a lack of access control, which could lead to information disclosure and limited Server-Side Request Forgery.
nvd
CVE-2024-28216 [MEDIUM] CWE-862 | P4 | CVSS 5.4 | fixed in 3.5.9 | 2024-03-07
nGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to a lack of access control, which could lead to information disclosure and limited Server-Side Request Forgery.
nvd
CVE-2016-5060 [MEDIUM] CWE-79 | P4 | CVSS 6.1 | ≤ 3.3 | 2016-12-13
Multiple cross-site scripting (XSS) vulnerabilities in nGrinder before 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) description, (2) email, or (3) username parameter to user/save.
nvd
CVE-2024-28214 [LOW] CWE-405 | P4 | CVSS 2.7 | fixed in 3.5.9 | 2024-03-07
nGrinder before 3.5.9 allows a delay to be set without limitation, which could lead to Denial of Service by a remote attacker.
nvd