ByteOS Network

NVD Vulnerability Details :

CVE-2023-46131

Analyzed

Source-security-advisories@github.com

Published At-21 Dec, 2023 | 00:15

Updated At-02 Jan, 2024 | 16:39

Grails is a framework used to build web applications with the Groovy programming language. A specially crafted web request can lead to a JVM crash or denial of service. Any Grails framework application using Grails data binding is vulnerable. This issue has been patched in version 3.3.17, 4.1.3, 5.3.4, 6.1.0.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Secondary	3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Type: Primary

Version: 3.1

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Type: Secondary

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CPE Matches

grails>>grails>>Versions before 3.3.17(exclusive)

cpe:2.3:a:grails:grails:*:*:*:*:*:*:*:*

grails>>grails>>Versions from 4.0.0(inclusive) to 4.1.3(exclusive)

cpe:2.3:a:grails:grails:*:*:*:*:*:*:*:*

grails>>grails>>Versions from 5.0.0(inclusive) to 5.3.4(exclusive)

cpe:2.3:a:grails:grails:*:*:*:*:*:*:*:*

grails>>grails>>Versions from 6.0.0(inclusive) to 6.1.0(exclusive)

cpe:2.3:a:grails:grails:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov
CWE-400	Secondary	security-advisories@github.com

CWE ID: NVD-CWE-noinfo

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-400

Type: Secondary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/grails/grails-core/commit/74326bdd2cf7dcb594092165e9464520f8366c60	security-advisories@github.com	Patch
https://github.com/grails/grails-core/commit/c401faaa6c24c021c758b95f72304a0e855a8db3	security-advisories@github.com	Patch
https://github.com/grails/grails-core/issues/13302	security-advisories@github.com	Issue Tracking
https://github.com/grails/grails-core/security/advisories/GHSA-3pjv-r7w4-2cf5	security-advisories@github.com	Vendor Advisory
https://grails.org/blog/2023-12-20-cve-data-binding-dos.html	security-advisories@github.com	Vendor Advisory