CVE-2023-46131
- Source
- https://cve.org/CVERecord?id=CVE-2023-46131
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-46131.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-46131
- Aliases
- Published
- 2023-12-20T23:24:27.227Z
- Modified
- 2026-03-14T12:25:19.322475Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- GrailsĀ® data binding causes JVM crash and/or DoS
- Details
-
Grails is a framework used to build web applications with the Groovy programming language. A specially crafted web request can lead to a JVM crash or denial of service. Any Grails framework application using Grails data binding is vulnerable. This issue has been patched in version 3.3.17, 4.1.3, 5.3.4, 6.1.0.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/46xxx/CVE-2023-46131.json", "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-400" ] }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/46xxx/CVE-2023-46131.json
- https://github.com/grails/grails-core/commit/74326bdd2cf7dcb594092165e9464520f8366c60
- https://github.com/grails/grails-core/commit/c401faaa6c24c021c758b95f72304a0e855a8db3
- https://github.com/grails/grails-core/issues/13302
- https://github.com/grails/grails-core/security/advisories/GHSA-3pjv-r7w4-2cf5
- https://grails.org/blog/2023-12-20-cve-data-binding-dos.html
- https://nvd.nist.gov/vuln/detail/CVE-2023-46131
Affected packages
Git / github.com/apache/grails-core
Affected ranges
- Type
- GIT
- Repo
- https://github.com/apache/grails-core
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
Affected versions
v0.*
v0.1
v0.2
v0.3
v0.4
v0.4.1
v0.4.2
v0.5
v0.5.5
v0.5.5.RC1
v0.5.6
v0.5.RC1
v0.5.RC2
v0.6
v0.6.RC1
v1.*
v1.0
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.0.RC1
v1.0.RC2
v1.0.RC3
v1.0.RC4
v1.1.1
v1.2
v1.3
v1.3.1
v1.3.2
v1.3.3
v1.3.4
v1.3.5
v1.3M1
v1.3RC1
v1.4.0.M1
v2.*
v2.0.0
v2.0.0.M1
v2.0.0.M2
v2.0.0.RC1
v2.0.0.RC2
v2.0.0.RC3
v2.0.1
v2.0.2
v2.0.3
v2.0.4
v2.1.0
v2.1.0.RC1
v2.1.0.RC2
v2.1.0.RC3
v2.1.1
v2.1.2
v2.1.3
v2.1.4
v2.1.5
v2.2.0
v2.2.0.RC1
v2.2.0.RC2
v2.2.0.RC3
v2.2.0.RC4
v2.2.1
v2.2.2
v2.2.3
v2.2.4
v2.2.5
v2.3.0
v2.3.0.M1
v2.3.0.M2
v2.3.0.RC1
v2.3.0.RC2
v2.3.1
v2.3.10
v2.3.11
v2.3.2
v2.3.3
v2.3.4
v2.3.5
v2.3.6
v2.3.7
v2.3.8
v2.3.9
v2.4.0
v2.4.0.M1
v2.4.0.M2
v2.4.0.RC1
v2.4.0.RC2
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.4.5
v2.5.0
v2.5.1
v2.5.2
v3.*
v3.0.0
v3.0.0.M1
v3.0.0.M2
v3.0.0.RC1
v3.0.0.RC2
v3.0.0.RC3
v3.0.1
v3.0.10
v3.0.11
v3.0.12
v3.0.13
v3.0.14
v3.0.15
v3.0.16
v3.0.17
v3.0.2
v3.0.3
v3.0.4
v3.0.5
v3.0.6
v3.0.7
v3.0.8
v3.0.9
v3.1.0
v3.1.0.M1
v3.1.0.M2
v3.1.0.M3
v3.1.0.RC1
v3.1.0.RC2
v3.1.1
v3.1.10
v3.1.11
v3.1.12
v3.1.14
v3.1.15
v3.1.16
v3.1.2
v3.1.3
v3.1.4
v3.1.5
v3.1.6
v3.1.7
v3.1.8
v3.1.9
v3.2.0
v3.2.0.M1
v3.2.0.M2
v3.2.0.RC1
v3.2.0.RC2
v3.2.1
v3.2.10
v3.2.11
v3.2.12
v3.2.13
v3.2.2
v3.2.3
v3.2.4
v3.2.5
v3.2.6
v3.2.7
v3.2.8
v3.2.9
v3.3.0
v3.3.0.M1
v3.3.0.M2
v3.3.0.RC1
v3.3.1
v3.3.10
v3.3.11
v3.3.12
v3.3.13
v3.3.14
v3.3.15
v3.3.16
v3.3.2
v3.3.3
v3.3.4
v3.3.5
v3.3.6
v3.3.7
v3.3.8
v3.3.9
v4.*
v4.0.0
v4.0.0.M1
v4.0.0.M2
v4.0.0.RC1
v4.0.0.RC2
v4.0.1
v4.0.10
v4.0.11
v4.0.12
v4.0.13
v4.0.2
v4.0.3
v4.0.4
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.0.9
v4.1.0
v4.1.1
v4.1.2
Git / github.com/grails/grails-core
Affected ranges
- Type
- GIT
- Repo
- https://github.com/grails/grails-core
- Events
- Database specific
{ "versions": [ { "introduced": "6.0.0" }, { "fixed": "6.1.0" } ] }
- Type
- GIT
- Repo
- https://github.com/grails/grails-core
- Events
- Database specific
{ "versions": [ { "introduced": "5.0.0" }, { "fixed": "5.3.4" } ] }
Affected versions
Other
archive/master
v2.*
v2.0.0
v2.0.1
v2.0.2
v2.0.3
v2.0.4
v2.1.0
v2.1.0.RC1
v2.1.0.RC2
v2.1.0.RC3
v2.1.1
v2.1.2
v2.1.3
v2.1.4
v2.1.5
v2.2.0
v2.2.0.RC1
v2.2.0.RC2
v2.2.0.RC3
v2.2.0.RC4
v2.2.1
v2.2.2
v2.2.3
v2.2.4
v2.2.5
v2.3.0
v2.3.0.M1
v2.3.0.M2
v2.3.0.RC1
v2.3.0.RC2
v2.3.1
v2.3.10
v2.3.11
v2.3.2
v2.3.3
v2.3.4
v2.3.5
v2.3.6
v2.3.7
v2.3.8
v2.3.9
v2.4.0
v2.4.0.M1
v2.4.0.M2
v2.4.0.RC1
v2.4.0.RC2
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.4.5
v2.5.0
v2.5.1
v2.5.2
v3.*
v3.0.0
v3.0.0.M1
v3.0.0.M2
v3.0.0.RC1
v3.0.0.RC2
v3.0.0.RC3
v3.0.1
v3.0.10
v3.0.11
v3.0.12
v3.0.13
v3.0.14
v3.0.15
v3.0.16
v3.0.17
v3.0.2
v3.0.3
v3.0.4
v3.0.5
v3.0.6
v3.0.7
v3.0.8
v3.0.9
v3.1.0
v3.1.0.M1
v3.1.0.M2
v3.1.0.M3
v3.1.0.RC1
v3.1.0.RC2
v3.1.1
v3.1.10
v3.1.11
v3.1.12
v3.1.14
v3.1.15
v3.1.16
v3.1.2
v3.1.3
v3.1.4
v3.1.5
v3.1.6
v3.1.7
v3.1.8
v3.1.9
v3.2.0
v3.2.0.M1
v3.2.0.M2
v3.2.0.RC1
v3.2.0.RC2
v3.2.1
v3.2.10
v3.2.11
v3.2.12
v3.2.13
v3.2.2
v3.2.3
v3.2.4
v3.2.5
v3.2.6
v3.2.7
v3.2.8
v3.2.9
v3.3.0
v3.3.0.M1
v3.3.0.M2
v3.3.0.RC1
v3.3.1
v3.3.10
v3.3.11
v3.3.12
v3.3.13
v3.3.14
v3.3.15
v3.3.16
v3.3.2
v3.3.3
v3.3.4
v3.3.5
v3.3.6
v3.3.7
v3.3.8
v3.3.9
v4.*
v4.0.0
v4.0.1
v4.0.10
v4.0.11
v4.0.12
v4.0.13
v4.0.2
v4.0.3
v4.0.4
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.0.9
v4.1.0
v4.1.1
v4.1.2
v5.*
v5.0.0
v5.0.1
v5.0.2
v5.1.1
v5.1.2
v5.1.3
v5.1.4
v5.1.5
v5.1.6
v5.1.7
v5.2.0
v5.2.1
v5.2.2
v5.2.3
v5.2.4
v5.2.5
v5.2.6
v5.3.0
v5.3.1
v5.3.2
v5.3.3
v6.*
v6.0.0
Database specific
vanir_signatures
[
{
"signature_type": "Line",
"signature_version": "v1",
"target": {
"file": "grails-core/src/test/groovy/grails/util/GrailsUtilTests.java"
},
"id": "CVE-2023-46131-0057cfe5",
"deprecated": false,
"source": "https://github.com/grails/grails-core/commit/46bd1e84369304f34d98108356bf7f390527a9c4",
"digest": {
"line_hashes": [
"180278373709165118417166122179622297968",
"26059604116491701966158775258683094083",
"39516088956461942001629526441418841973",
"56771208745788233037596262371718699855"
],
"threshold": 0.9
}
},
{
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "grails-core/src/test/groovy/grails/util/GrailsUtilTests.java",
"function": "testGrailsVersion"
},
"id": "CVE-2023-46131-411db7e9",
"deprecated": false,
"source": "https://github.com/grails/grails-core/commit/46bd1e84369304f34d98108356bf7f390527a9c4",
"digest": {
"function_hash": "108601858541748486099231159226667596254",
"length": 82.0
}
},
{
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "grails-core/src/test/groovy/grails/util/GrailsUtilTests.java",
"function": "testGrailsVersion"
},
"id": "CVE-2023-46131-5aa4a77a",
"deprecated": false,
"source": "https://github.com/grails/grails-core/commit/a1e5c062c20ebc6004bc03e39bbd3d400406c5c2",
"digest": {
"function_hash": "285370394617566884857863694342641515638",
"length": 89.0
}
},
{
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "grails-core/src/test/groovy/grails/util/GrailsUtilTests.java",
"function": "testGrailsVersion"
},
"id": "CVE-2023-46131-8eb80d9c",
"deprecated": false,
"source": "https://github.com/grails/grails-core/commit/380df5277808d736896dce38363bd19aa9729d83",
"digest": {
"function_hash": "184841908302478389270118139807086425292",
"length": 82.0
}
},
{
"signature_type": "Line",
"signature_version": "v1",
"target": {
"file": "grails-core/src/test/groovy/grails/util/GrailsUtilTests.java"
},
"id": "CVE-2023-46131-df47b564",
"deprecated": false,
"source": "https://github.com/grails/grails-core/commit/380df5277808d736896dce38363bd19aa9729d83",
"digest": {
"line_hashes": [
"58988914909210438975374164824513154132",
"112889167782485667212421752624805111888",
"236408529206960066417413273184127917569",
"45618127076438977776807525920629884833"
],
"threshold": 0.9
}
},
{
"signature_type": "Line",
"signature_version": "v1",
"target": {
"file": "grails-core/src/test/groovy/grails/util/GrailsUtilTests.java"
},
"id": "CVE-2023-46131-e033b636",
"deprecated": false,
"source": "https://github.com/grails/grails-core/commit/c1f137cdfd4b136fb1fcff720b58ab6cd3a5c94b",
"digest": {
"line_hashes": [
"337496942895711058712666699513223965884",
"107103859451640210312626046319643736042",
"304875401731763760510325088291425210408",
"213175982824135846302367363610967692969"
],
"threshold": 0.9
}
},
{
"signature_type": "Line",
"signature_version": "v1",
"target": {
"file": "grails-core/src/test/groovy/grails/util/GrailsUtilTests.java"
},
"id": "CVE-2023-46131-f633d919",
"deprecated": false,
"source": "https://github.com/grails/grails-core/commit/a1e5c062c20ebc6004bc03e39bbd3d400406c5c2",
"digest": {
"line_hashes": [
"130431675608071333095843898851711893356",
"21494170457314484516170706289539913189",
"73441350588505585438140269813517716538",
"43316565359570715933884811531944808587"
],
"threshold": 0.9
}
},
{
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "grails-core/src/test/groovy/grails/util/GrailsUtilTests.java",
"function": "testGrailsVersion"
},
"id": "CVE-2023-46131-febe3f6b",
"deprecated": false,
"source": "https://github.com/grails/grails-core/commit/c1f137cdfd4b136fb1fcff720b58ab6cd3a5c94b",
"digest": {
"function_hash": "66563932974826409094969729312577659",
"length": 82.0
}
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-46131.json"