CVE-2023-46131

Grails is a framework used to build web applications with the Groovy programming language. A specially crafted web request can lead to a JVM crash or denial of service. Any Grails framework application using Grails data binding is vulnerable. This issue has been patched in version 3.3.17, 4.1.3, 5.3.4, 6.1.0.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
GitHub_MCNA
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 60%
VendorProductVersion
grailsgrails
𝑥
< 3.3.17
grailsgrails
4.0.0 ≤
𝑥
< 4.1.3
grailsgrails
5.0.0 ≤
𝑥
< 5.3.4
grailsgrails
6.0.0 ≤
𝑥
< 6.1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/grails/grails-core/commit/74326bdd2cf7dcb594092165e9464520f8366c60
https://github.com/grails/grails-core/commit/c401faaa6c24c021c758b95f72304a0e855a8db3
https://github.com/grails/grails-core/issues/13302
https://github.com/grails/grails-core/security/advisories/GHSA-3pjv-r7w4-2cf5
https://grails.org/blog/2023-12-20-cve-data-binding-dos.html
https://github.com/grails/grails-core/commit/74326bdd2cf7dcb594092165e9464520f8366c60
https://github.com/grails/grails-core/commit/c401faaa6c24c021c758b95f72304a0e855a8db3
https://github.com/grails/grails-core/issues/13302
https://github.com/grails/grails-core/security/advisories/GHSA-3pjv-r7w4-2cf5
https://grails.org/blog/2023-12-20-cve-data-binding-dos.html