Lucene search

K

[email protected]NVD:CVE-2023-46131

HistoryDec 21, 2023 - 12:15 a.m.

CVE-2023-46131

2023-12-2100:15:25

CWE-400

[email protected]

web.nvd.nist.gov

1

grails framework

web application

groovy

jvm crash

denial of service

data binding

vulnerability

patched

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

25.3%

Grails is a framework used to build web applications with the Groovy programming language. A specially crafted web request can lead to a JVM crash or denial of service. Any Grails framework application using Grails data binding is vulnerable. This issue has been patched in version 3.3.17, 4.1.3, 5.3.4, 6.1.0.

Affected configurations

NVD

Node

grailsgrailsRange<3.3.17

OR

grailsgrailsRange4.0.0–4.1.3

OR

grailsgrailsRange5.0.0–5.3.4

OR

grailsgrailsRange6.0.0–6.1.0

References

github.com/grails/grails-core/commit/74326bdd2cf7dcb594092165e9464520f8366c60

github.com/grails/grails-core/commit/c401faaa6c24c021c758b95f72304a0e855a8db3

github.com/grails/grails-core/issues/13302

github.com/grails/grails-core/security/advisories/GHSA-3pjv-r7w4-2cf5

grails.org/blog/2023-12-20-cve-data-binding-dos.html

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

25.3%

Related for NVD:CVE-2023-46131

cve1 hp1 osv2 prion1 veracode1 github1 cvelist1