Search
Find a vulnerability
Search criteria
2 vulnerabilities found for grails-core by grails
CVE-2023-46131 (GCVE-0-2023-46131)
Vulnerability from nvd – Published: 2023-12-20 23:24 – Updated: 2024-08-02 20:37
VLAI
Title
Grails® data binding causes JVM crash and/or DoS
Summary
Grails is a framework used to build web applications with the Groovy programming language. A specially crafted web request can lead to a JVM crash or denial of service. Any Grails framework application using Grails data binding is vulnerable. This issue has been patched in version 3.3.17, 4.1.3, 5.3.4, 6.1.0.
Severity
6.5 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/grails/grails-core/security/ad… | x_refsource_CONFIRM |
| https://github.com/grails/grails-core/issues/13302 | x_refsource_MISC |
| https://github.com/grails/grails-core/commit/7432… | x_refsource_MISC |
| https://github.com/grails/grails-core/commit/c401… | x_refsource_MISC |
| https://grails.org/blog/2023-12-20-cve-data-bindi… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| grails | grails-core |
Affected:
>= 6.0.0, < 6.1.0
Affected: >= 5.0.0, < 5.3.4 Affected: >= 4.0.0, < 4.1.3 Affected: >= 2.0.0, < 3.3.17 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:37:39.816Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/grails/grails-core/security/advisories/GHSA-3pjv-r7w4-2cf5",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/grails/grails-core/security/advisories/GHSA-3pjv-r7w4-2cf5"
},
{
"name": "https://github.com/grails/grails-core/issues/13302",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/grails/grails-core/issues/13302"
},
{
"name": "https://github.com/grails/grails-core/commit/74326bdd2cf7dcb594092165e9464520f8366c60",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/grails/grails-core/commit/74326bdd2cf7dcb594092165e9464520f8366c60"
},
{
"name": "https://github.com/grails/grails-core/commit/c401faaa6c24c021c758b95f72304a0e855a8db3",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/grails/grails-core/commit/c401faaa6c24c021c758b95f72304a0e855a8db3"
},
{
"name": "https://grails.org/blog/2023-12-20-cve-data-binding-dos.html",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://grails.org/blog/2023-12-20-cve-data-binding-dos.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "grails-core",
"vendor": "grails",
"versions": [
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.1.0"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.3.4"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.1.3"
},
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 3.3.17"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Grails is a framework used to build web applications with the Groovy programming language. A specially crafted web request can lead to a JVM crash or denial of service. Any Grails framework application using Grails data binding is vulnerable. This issue has been patched in version 3.3.17, 4.1.3, 5.3.4, 6.1.0.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-20T23:24:27.227Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/grails/grails-core/security/advisories/GHSA-3pjv-r7w4-2cf5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/grails/grails-core/security/advisories/GHSA-3pjv-r7w4-2cf5"
},
{
"name": "https://github.com/grails/grails-core/issues/13302",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/grails/grails-core/issues/13302"
},
{
"name": "https://github.com/grails/grails-core/commit/74326bdd2cf7dcb594092165e9464520f8366c60",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/grails/grails-core/commit/74326bdd2cf7dcb594092165e9464520f8366c60"
},
{
"name": "https://github.com/grails/grails-core/commit/c401faaa6c24c021c758b95f72304a0e855a8db3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/grails/grails-core/commit/c401faaa6c24c021c758b95f72304a0e855a8db3"
},
{
"name": "https://grails.org/blog/2023-12-20-cve-data-binding-dos.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://grails.org/blog/2023-12-20-cve-data-binding-dos.html"
}
],
"source": {
"advisory": "GHSA-3pjv-r7w4-2cf5",
"discovery": "UNKNOWN"
},
"title": "Grails\u00ae data binding causes JVM crash and/or DoS "
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-46131",
"datePublished": "2023-12-20T23:24:27.227Z",
"dateReserved": "2023-10-16T17:51:35.573Z",
"dateUpdated": "2024-08-02T20:37:39.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46131 (GCVE-0-2023-46131)
Vulnerability from cvelistv5 – Published: 2023-12-20 23:24 – Updated: 2024-08-02 20:37
VLAI
Title
Grails® data binding causes JVM crash and/or DoS
Summary
Grails is a framework used to build web applications with the Groovy programming language. A specially crafted web request can lead to a JVM crash or denial of service. Any Grails framework application using Grails data binding is vulnerable. This issue has been patched in version 3.3.17, 4.1.3, 5.3.4, 6.1.0.
Severity
6.5 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/grails/grails-core/security/ad… | x_refsource_CONFIRM |
| https://github.com/grails/grails-core/issues/13302 | x_refsource_MISC |
| https://github.com/grails/grails-core/commit/7432… | x_refsource_MISC |
| https://github.com/grails/grails-core/commit/c401… | x_refsource_MISC |
| https://grails.org/blog/2023-12-20-cve-data-bindi… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| grails | grails-core |
Affected:
>= 6.0.0, < 6.1.0
Affected: >= 5.0.0, < 5.3.4 Affected: >= 4.0.0, < 4.1.3 Affected: >= 2.0.0, < 3.3.17 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:37:39.816Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/grails/grails-core/security/advisories/GHSA-3pjv-r7w4-2cf5",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/grails/grails-core/security/advisories/GHSA-3pjv-r7w4-2cf5"
},
{
"name": "https://github.com/grails/grails-core/issues/13302",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/grails/grails-core/issues/13302"
},
{
"name": "https://github.com/grails/grails-core/commit/74326bdd2cf7dcb594092165e9464520f8366c60",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/grails/grails-core/commit/74326bdd2cf7dcb594092165e9464520f8366c60"
},
{
"name": "https://github.com/grails/grails-core/commit/c401faaa6c24c021c758b95f72304a0e855a8db3",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/grails/grails-core/commit/c401faaa6c24c021c758b95f72304a0e855a8db3"
},
{
"name": "https://grails.org/blog/2023-12-20-cve-data-binding-dos.html",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://grails.org/blog/2023-12-20-cve-data-binding-dos.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "grails-core",
"vendor": "grails",
"versions": [
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.1.0"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.3.4"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.1.3"
},
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 3.3.17"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Grails is a framework used to build web applications with the Groovy programming language. A specially crafted web request can lead to a JVM crash or denial of service. Any Grails framework application using Grails data binding is vulnerable. This issue has been patched in version 3.3.17, 4.1.3, 5.3.4, 6.1.0.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-20T23:24:27.227Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/grails/grails-core/security/advisories/GHSA-3pjv-r7w4-2cf5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/grails/grails-core/security/advisories/GHSA-3pjv-r7w4-2cf5"
},
{
"name": "https://github.com/grails/grails-core/issues/13302",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/grails/grails-core/issues/13302"
},
{
"name": "https://github.com/grails/grails-core/commit/74326bdd2cf7dcb594092165e9464520f8366c60",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/grails/grails-core/commit/74326bdd2cf7dcb594092165e9464520f8366c60"
},
{
"name": "https://github.com/grails/grails-core/commit/c401faaa6c24c021c758b95f72304a0e855a8db3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/grails/grails-core/commit/c401faaa6c24c021c758b95f72304a0e855a8db3"
},
{
"name": "https://grails.org/blog/2023-12-20-cve-data-binding-dos.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://grails.org/blog/2023-12-20-cve-data-binding-dos.html"
}
],
"source": {
"advisory": "GHSA-3pjv-r7w4-2cf5",
"discovery": "UNKNOWN"
},
"title": "Grails\u00ae data binding causes JVM crash and/or DoS "
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-46131",
"datePublished": "2023-12-20T23:24:27.227Z",
"dateReserved": "2023-10-16T17:51:35.573Z",
"dateUpdated": "2024-08-02T20:37:39.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}