CVE-2023-46131 MEDIUM

CVE-2023-46131: Grails® data binding causes JVM crash and/or DoS

Vendor Grails

Product grails-core

Weakness CWE-400

Published December 20, 2023

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

6.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality None

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

Description

Grails is a framework used to build web applications with the Groovy programming language. A specially crafted web request can lead to a JVM crash or denial of service. Any Grails framework application using Grails data binding is vulnerable. This issue has been patched in version 3.3.17, 4.1.3, 5.3.4, 6.1.0.

Key dates

Disclosure timeline

December 20, 2023 CVE published

August 2, 2024 Record updated

Identifiers

CVE CVE-2023-46131

CWE CWE-400

CVSS 6.5 / MEDIUM

Affected versions

Vendor Grails

Product grails-core

Affected >= 6.0.0, < 6.1.0

Vendor Grails

Product grails-core

Affected >= 5.0.0, < 5.3.4

Vendor Grails

Product grails-core

Affected >= 4.0.0, < 4.1.3

Vendor Grails

Product grails-core

Affected >= 2.0.0, < 3.3.17