CVE-2023-46131

Grails is a framework used to build web applications with the Groovy programming language. A specially crafted web request can lead to a JVM crash or denial of service. Any Grails framework application using Grails data binding is vulnerable. This issue has been patched in version 3.3.17, 4.1.3, 5.3.4, 6.1.0.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:grails:grails:*:*:*:*:*:*:*:*
cpe:2.3:a:grails:grails:*:*:*:*:*:*:*:*
cpe:2.3:a:grails:grails:*:*:*:*:*:*:*:*
cpe:2.3:a:grails:grails:*:*:*:*:*:*:*:*

History

02 Jan 2024, 16:39

Type Values Removed Values Added
First Time Grails grails
Grails
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
CPE cpe:2.3:a:grails:grails:*:*:*:*:*:*:*:*
References () https://grails.org/blog/2023-12-20-cve-data-binding-dos.html - () https://grails.org/blog/2023-12-20-cve-data-binding-dos.html - Vendor Advisory
References () https://github.com/grails/grails-core/commit/c401faaa6c24c021c758b95f72304a0e855a8db3 - () https://github.com/grails/grails-core/commit/c401faaa6c24c021c758b95f72304a0e855a8db3 - Patch
References () https://github.com/grails/grails-core/security/advisories/GHSA-3pjv-r7w4-2cf5 - () https://github.com/grails/grails-core/security/advisories/GHSA-3pjv-r7w4-2cf5 - Vendor Advisory
References () https://github.com/grails/grails-core/commit/74326bdd2cf7dcb594092165e9464520f8366c60 - () https://github.com/grails/grails-core/commit/74326bdd2cf7dcb594092165e9464520f8366c60 - Patch
References () https://github.com/grails/grails-core/issues/13302 - () https://github.com/grails/grails-core/issues/13302 - Issue Tracking
CWE CWE-400 NVD-CWE-noinfo

21 Dec 2023, 02:24

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-21 00:15

Updated : 2024-02-28 20:54


NVD link : CVE-2023-46131

Mitre link : CVE-2023-46131

CVE.ORG link : CVE-2023-46131


JSON object : View

Products Affected

grails

  • grails
CWE
NVD-CWE-noinfo CWE-400

Uncontrolled Resource Consumption