CVE-2023-46131

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-46131
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-46131.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-46131
Aliases
Published
2023-12-20T23:24:27.227Z
Modified
2026-02-15T00:42:41.549940Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Grails® data binding causes JVM crash and/or DoS
Details

Grails is a framework used to build web applications with the Groovy programming language. A specially crafted web request can lead to a JVM crash or denial of service. Any Grails framework application using Grails data binding is vulnerable. This issue has been patched in version 3.3.17, 4.1.3, 5.3.4, 6.1.0.

Database specific 
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-400"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/46xxx/CVE-2023-46131.json"
}
References

Affected packages

Git / github.com/apache/grails-core

Affected ranges

Type
GIT
Repo
https://github.com/apache/grails-core
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
74326bdd2cf7dcb594092165e9464520f8366c60
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
c401faaa6c24c021c758b95f72304a0e855a8db3

Affected versions

v0.*
v0.1
v0.2
v0.3
v0.4
v0.4.1
v0.4.2
v0.5
v0.5.5
v0.5.5.RC1
v0.5.6
v0.5.RC1
v0.5.RC2
v0.6
v0.6.RC1
v1.*
v1.0
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.0.RC1
v1.0.RC2
v1.0.RC3
v1.0.RC4
v1.1.1
v1.2
v1.3
v1.3.1
v1.3.2
v1.3.3
v1.3.4
v1.3.5
v1.3M1
v1.3RC1
v1.4.0.M1
v2.*
v2.0.0
v2.0.0.M1
v2.0.0.M2
v2.0.0.RC1
v2.0.0.RC2
v2.0.0.RC3
v2.0.1
v2.0.2
v2.0.3
v2.0.4
v2.1.0
v2.1.0.RC1
v2.1.0.RC2
v2.1.0.RC3
v2.1.1
v2.1.2
v2.1.3
v2.1.4
v2.1.5
v2.2.0
v2.2.0.RC1
v2.2.0.RC2
v2.2.0.RC3
v2.2.0.RC4
v2.2.1
v2.2.2
v2.2.3
v2.2.4
v2.2.5
v2.3.0
v2.3.0.M1
v2.3.0.M2
v2.3.0.RC1
v2.3.0.RC2
v2.3.1
v2.3.10
v2.3.11
v2.3.2
v2.3.3
v2.3.4
v2.3.5
v2.3.6
v2.3.7
v2.3.8
v2.3.9
v2.4.0
v2.4.0.M1
v2.4.0.M2
v2.4.0.RC1
v2.4.0.RC2
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.4.5
v2.5.0
v2.5.1
v2.5.2
v3.*
v3.0.0
v3.0.0.M1
v3.0.0.M2
v3.0.0.RC1
v3.0.0.RC2
v3.0.0.RC3
v3.0.1
v3.0.10
v3.0.11
v3.0.12
v3.0.13
v3.0.14
v3.0.15
v3.0.16
v3.0.17
v3.0.2
v3.0.3
v3.0.4
v3.0.5
v3.0.6
v3.0.7
v3.0.8
v3.0.9
v3.1.0
v3.1.0.M1
v3.1.0.M2
v3.1.0.M3
v3.1.0.RC1
v3.1.0.RC2
v3.1.1
v3.1.10
v3.1.11
v3.1.12
v3.1.14
v3.1.15
v3.1.16
v3.1.2
v3.1.3
v3.1.4
v3.1.5
v3.1.6
v3.1.7
v3.1.8
v3.1.9
v3.2.0
v3.2.0.M1
v3.2.0.M2
v3.2.0.RC1
v3.2.0.RC2
v3.2.1
v3.2.10
v3.2.11
v3.2.12
v3.2.13
v3.2.2
v3.2.3
v3.2.4
v3.2.5
v3.2.6
v3.2.7
v3.2.8
v3.2.9
v3.3.0
v3.3.0.M1
v3.3.0.M2
v3.3.0.RC1
v3.3.1
v3.3.10
v3.3.11
v3.3.12
v3.3.13
v3.3.14
v3.3.15
v3.3.16
v3.3.2
v3.3.3
v3.3.4
v3.3.5
v3.3.6
v3.3.7
v3.3.8
v3.3.9
v4.*
v4.0.0
v4.0.0.M1
v4.0.0.M2
v4.0.0.RC1
v4.0.0.RC2
v4.0.1
v4.0.10
v4.0.11
v4.0.12
v4.0.13
v4.0.2
v4.0.3
v4.0.4
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.0.9
v4.1.0
v4.1.1
v4.1.2

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-46131.json"

Git / github.com/grails/grails-core

Affected ranges

Type
GIT
Repo
https://github.com/grails/grails-core
Events
Introduced
10252ac29a53968cb14380078386089185cb514c
Fixed
c1f137cdfd4b136fb1fcff720b58ab6cd3a5c94b
Introduced
b6337fc5ec6c38c04aad8f802a7b345325a24711
Fixed
46bd1e84369304f34d98108356bf7f390527a9c4
Introduced
ea30f160d8b7f207bc0c0e9919453eb41148bf70
Fixed
380df5277808d736896dce38363bd19aa9729d83

Affected versions

Other
archive/master
v3.*
v3.3.11
v3.3.12
v3.3.13
v3.3.14
v4.*
v4.0.0
v4.0.1
v4.0.10
v4.0.11
v4.0.12
v4.0.13
v4.0.2
v4.0.3
v4.0.4
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.0.9
v4.1.0
v4.1.1
v4.1.2
v5.*
v5.0.0
v5.0.1
v5.0.2
v5.1.1
v5.1.2
v5.1.3
v5.1.4
v5.1.5
v5.1.6
v5.1.7
v5.2.0
v5.2.1
v5.2.2
v5.2.3
v5.2.4
v5.2.5
v5.2.6
v5.3.0
v5.3.1
v5.3.2
v5.3.3

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-46131.json"
vanir_signatures 
[
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "180278373709165118417166122179622297968",
                "26059604116491701966158775258683094083",
                "39516088956461942001629526441418841973",
                "56771208745788233037596262371718699855"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "id": "CVE-2023-46131-0057cfe5",
        "source": "https://github.com/grails/grails-core/commit/46bd1e84369304f34d98108356bf7f390527a9c4",
        "target": {
            "file": "grails-core/src/test/groovy/grails/util/GrailsUtilTests.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 82.0,
            "function_hash": "108601858541748486099231159226667596254"
        },
        "signature_type": "Function",
        "id": "CVE-2023-46131-411db7e9",
        "source": "https://github.com/grails/grails-core/commit/46bd1e84369304f34d98108356bf7f390527a9c4",
        "target": {
            "function": "testGrailsVersion",
            "file": "grails-core/src/test/groovy/grails/util/GrailsUtilTests.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 82.0,
            "function_hash": "184841908302478389270118139807086425292"
        },
        "signature_type": "Function",
        "id": "CVE-2023-46131-8eb80d9c",
        "source": "https://github.com/grails/grails-core/commit/380df5277808d736896dce38363bd19aa9729d83",
        "target": {
            "function": "testGrailsVersion",
            "file": "grails-core/src/test/groovy/grails/util/GrailsUtilTests.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "58988914909210438975374164824513154132",
                "112889167782485667212421752624805111888",
                "236408529206960066417413273184127917569",
                "45618127076438977776807525920629884833"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "id": "CVE-2023-46131-df47b564",
        "source": "https://github.com/grails/grails-core/commit/380df5277808d736896dce38363bd19aa9729d83",
        "target": {
            "file": "grails-core/src/test/groovy/grails/util/GrailsUtilTests.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "337496942895711058712666699513223965884",
                "107103859451640210312626046319643736042",
                "304875401731763760510325088291425210408",
                "213175982824135846302367363610967692969"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "id": "CVE-2023-46131-e033b636",
        "source": "https://github.com/grails/grails-core/commit/c1f137cdfd4b136fb1fcff720b58ab6cd3a5c94b",
        "target": {
            "file": "grails-core/src/test/groovy/grails/util/GrailsUtilTests.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 82.0,
            "function_hash": "66563932974826409094969729312577659"
        },
        "signature_type": "Function",
        "id": "CVE-2023-46131-febe3f6b",
        "source": "https://github.com/grails/grails-core/commit/c1f137cdfd4b136fb1fcff720b58ab6cd3a5c94b",
        "target": {
            "function": "testGrailsVersion",
            "file": "grails-core/src/test/groovy/grails/util/GrailsUtilTests.java"
        }
    }
]