CVE-2023-46131

Summary

Grails is a framework used to build web applications with the Groovy programming language. A specially crafted web request can lead to a JVM crash or denial of service. Any Grails framework application using Grails data binding is vulnerable. This issue has been patched in version 3.3.17, 4.1.3, 5.3.4, 6.1.0.

Affected Software

VendorProductVersion RangeStatus
grailsgrails-core>= 6.0.0, < 6.1.0affected
grailsgrails-core>= 5.0.0, < 5.3.4affected
grailsgrails-core>= 4.0.0, < 4.1.3affected
grailsgrails-core>= 2.0.0, < 3.3.17affected

Weaknesses

  • CWE-400: CWE-400: Uncontrolled Resource Consumption

ADP Enrichment

CVE Program Container

Additional References

References