CVE-2023-46131

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-46131
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-46131.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-46131
Aliases
Published
2023-12-20T23:24:27Z
Modified
2025-10-31T04:18:16.115778Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Grails® data binding causes JVM crash and/or DoS
Details

Grails is a framework used to build web applications with the Groovy programming language. A specially crafted web request can lead to a JVM crash or denial of service. Any Grails framework application using Grails data binding is vulnerable. This issue has been patched in version 3.3.17, 4.1.3, 5.3.4, 6.1.0.

Database specific 
{
    "cwe_ids": [
        "CWE-400"
    ]
}
References

Affected packages

Git / github.com/apache/grails-core

Affected ranges

Type
GIT
Repo
https://github.com/apache/grails-core
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
74326bdd2cf7dcb594092165e9464520f8366c60
Fixed
c401faaa6c24c021c758b95f72304a0e855a8db3

Affected versions

v0.*

v0.1
v0.2
v0.3
v0.4
v0.4.1
v0.4.2
v0.5
v0.5.5
v0.5.5.RC1
v0.5.6
v0.5.RC1
v0.5.RC2
v0.6
v0.6.RC1

v1.*

v1.0
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.0.RC1
v1.0.RC2
v1.0.RC3
v1.0.RC4
v1.1.1
v1.2
v1.3
v1.3.1
v1.3.2
v1.3.3
v1.3.4
v1.3.5
v1.3M1
v1.3RC1
v1.4.0.M1

v2.*

v2.0.0
v2.0.0.M1
v2.0.0.M2
v2.0.0.RC1
v2.0.0.RC2
v2.0.0.RC3
v2.0.1
v2.0.2
v2.0.3
v2.0.4
v2.1.0
v2.1.0.RC1
v2.1.0.RC2
v2.1.0.RC3
v2.1.1
v2.1.2
v2.1.3
v2.1.4
v2.1.5
v2.2.0
v2.2.0.RC1
v2.2.0.RC2
v2.2.0.RC3
v2.2.0.RC4
v2.2.1
v2.2.2
v2.2.3
v2.2.4
v2.2.5
v2.3.0
v2.3.0.M1
v2.3.0.M2
v2.3.0.RC1
v2.3.0.RC2
v2.3.1
v2.3.10
v2.3.11
v2.3.2
v2.3.3
v2.3.4
v2.3.5
v2.3.6
v2.3.7
v2.3.8
v2.3.9
v2.4.0
v2.4.0.M1
v2.4.0.M2
v2.4.0.RC1
v2.4.0.RC2
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.4.5
v2.5.0
v2.5.1
v2.5.2

v3.*

v3.0.0
v3.0.0.M1
v3.0.0.M2
v3.0.0.RC1
v3.0.0.RC2
v3.0.0.RC3
v3.0.1
v3.0.10
v3.0.11
v3.0.12
v3.0.13
v3.0.14
v3.0.15
v3.0.16
v3.0.17
v3.0.2
v3.0.3
v3.0.4
v3.0.5
v3.0.6
v3.0.7
v3.0.8
v3.0.9
v3.1.0
v3.1.0.M1
v3.1.0.M2
v3.1.0.M3
v3.1.0.RC1
v3.1.0.RC2
v3.1.1
v3.1.10
v3.1.11
v3.1.12
v3.1.14
v3.1.15
v3.1.16
v3.1.2
v3.1.3
v3.1.4
v3.1.5
v3.1.6
v3.1.7
v3.1.8
v3.1.9
v3.2.0
v3.2.0.M1
v3.2.0.M2
v3.2.0.RC1
v3.2.0.RC2
v3.2.1
v3.2.10
v3.2.11
v3.2.12
v3.2.13
v3.2.2
v3.2.3
v3.2.4
v3.2.5
v3.2.6
v3.2.7
v3.2.8
v3.2.9
v3.3.0
v3.3.0.M1
v3.3.0.M2
v3.3.0.RC1
v3.3.1
v3.3.10
v3.3.11
v3.3.12
v3.3.13
v3.3.14
v3.3.15
v3.3.16
v3.3.2
v3.3.3
v3.3.4
v3.3.5
v3.3.6
v3.3.7
v3.3.8
v3.3.9

v4.*

v4.0.0
v4.0.0.M1
v4.0.0.M2
v4.0.0.RC1
v4.0.0.RC2
v4.0.1
v4.0.10
v4.0.11
v4.0.12
v4.0.13
v4.0.2
v4.0.3
v4.0.4
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.0.9
v4.1.0
v4.1.1
v4.1.2

Git / github.com/grails/grails-core

Affected ranges

Type
GIT
Repo
https://github.com/grails/grails-core
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
a1e5c062c20ebc6004bc03e39bbd3d400406c5c2

Affected versions

v0.*

v0.1
v0.2
v0.3
v0.4
v0.4.1
v0.4.2
v0.5
v0.5.5
v0.5.5.RC1
v0.5.6
v0.5.RC1
v0.5.RC2
v0.6
v0.6.RC1

v1.*

v1.0
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.0.RC1
v1.0.RC2
v1.0.RC3
v1.0.RC4
v1.1.1
v1.2
v1.3
v1.3.1
v1.3.2
v1.3.3
v1.3.4
v1.3.5
v1.3M1
v1.3RC1
v1.4.0.M1

v2.*

v2.0.0
v2.0.0.M1
v2.0.0.M2
v2.0.0.RC1
v2.0.0.RC2
v2.0.0.RC3
v2.0.1
v2.0.2
v2.0.3
v2.0.4
v2.1.0
v2.1.0.RC1
v2.1.0.RC2
v2.1.0.RC3
v2.1.1
v2.1.2
v2.1.3
v2.1.4
v2.1.5
v2.2.0
v2.2.0.RC1
v2.2.0.RC2
v2.2.0.RC3
v2.2.0.RC4
v2.2.1
v2.2.2
v2.2.3
v2.2.4
v2.2.5
v2.3.0
v2.3.0.M1
v2.3.0.M2
v2.3.0.RC1
v2.3.0.RC2
v2.3.1
v2.3.10
v2.3.11
v2.3.2
v2.3.3
v2.3.4
v2.3.5
v2.3.6
v2.3.7
v2.3.8
v2.3.9
v2.4.0
v2.4.0.M1
v2.4.0.M2
v2.4.0.RC1
v2.4.0.RC2
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.4.5
v2.5.0
v2.5.1
v2.5.2

v3.*

v3.0.0
v3.0.0.M1
v3.0.0.M2
v3.0.0.RC1
v3.0.0.RC2
v3.0.0.RC3
v3.0.1
v3.0.10
v3.0.11
v3.0.12
v3.0.13
v3.0.14
v3.0.15
v3.0.16
v3.0.17
v3.0.2
v3.0.3
v3.0.4
v3.0.5
v3.0.6
v3.0.7
v3.0.8
v3.0.9
v3.1.0
v3.1.0.M1
v3.1.0.M2
v3.1.0.M3
v3.1.0.RC1
v3.1.0.RC2
v3.1.1
v3.1.10
v3.1.11
v3.1.12
v3.1.14
v3.1.15
v3.1.16
v3.1.2
v3.1.3
v3.1.4
v3.1.5
v3.1.6
v3.1.7
v3.1.8
v3.1.9
v3.2.0
v3.2.0.M1
v3.2.0.M2
v3.2.0.RC1
v3.2.0.RC2
v3.2.1
v3.2.10
v3.2.11
v3.2.12
v3.2.13
v3.2.2
v3.2.3
v3.2.4
v3.2.5
v3.2.6
v3.2.7
v3.2.8
v3.2.9
v3.3.0
v3.3.0.M1
v3.3.0.M2
v3.3.0.RC1
v3.3.1
v3.3.10
v3.3.11
v3.3.12
v3.3.13
v3.3.14
v3.3.15
v3.3.16
v3.3.2
v3.3.3
v3.3.4
v3.3.5
v3.3.6
v3.3.7
v3.3.8
v3.3.9

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/grails/grails-core/commit/a1e5c062c20ebc6004bc03e39bbd3d400406c5c2",
        "target": {
            "function": "testGrailsVersion",
            "file": "grails-core/src/test/groovy/grails/util/GrailsUtilTests.java"
        },
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2023-46131-5aa4a77a",
        "signature_type": "Function",
        "digest": {
            "length": 89.0,
            "function_hash": "285370394617566884857863694342641515638"
        }
    },
    {
        "source": "https://github.com/grails/grails-core/commit/a1e5c062c20ebc6004bc03e39bbd3d400406c5c2",
        "target": {
            "file": "grails-core/src/test/groovy/grails/util/GrailsUtilTests.java"
        },
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2023-46131-f633d919",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "130431675608071333095843898851711893356",
                "21494170457314484516170706289539913189",
                "73441350588505585438140269813517716538",
                "43316565359570715933884811531944808587"
            ]
        }
    }
]