CVE-2021-32834 | Arbitrary Groovy script evaluation in Eclipse Keti
Eclipse Keti is a service designed to protect RESTful APIs using Attribute Based Access Control (ABAC). In Keti, a user who is able to create Policy Sets can run arbitrary code by sending malicious Groovy scripts that escape the configured Groovy sandbox. This vulnerability is known to exist in the latest commit at the time of writing this CVE (commit a1c8dbe). For more details see the referenced GHSL-2021-063.
Conclusion & alert: CVE-2021-32834 is rated High Exploit Risk (67.7/100): CVSS High severity, with medium exploitation likelihood (EPSS 0.92%). Core evidence: 1 public exploit reference is indexed (Exploit-DB). Mandatory action: public exploits are available; assess exposure, apply mitigations, and prioritize patching.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
Public exploit references (Exploit-DB) for CVE-2021-32834
Exploit prediction scoring system (EPSS) score for CVE-2021-32834
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).