Medium severity 6.5 · NVD Advisory · Published Dec 21, 2023 · Updated Jun 17, 2026
CVE-2023-46131
Description
Grails is a framework used to build web applications with the Groovy programming language. A specially crafted web request can lead to a JVM crash or denial of service. Any Grails framework application using Grails data binding is vulnerable. This issue has been patched in versions 3.3.17, 4.1.3, 5.3.4, and 6.1.0.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.grails:grails-databinding (Maven) | >= 6.0.0, < 6.1.0 | 6.1.0 |
| org.grails:grails-databinding (Maven) | >= 5.0.0, < 5.3.4 | 5.3.4 |
| org.grails:grails-databinding (Maven) | >= 4.0.0, < 4.1.3 | 4.1.3 |
| org.grails:grails-databinding (Maven) | >= 2.0.0, < 3.3.17 | 3.3.17 |
Affected products
- grails/grails-core · v5 · Range: >= 6.0.0, < 6.1.0
References
- github.com/grails/grails-core/commit/74326bdd2cf7dcb594092165e9464520f8366c60 (nvd, Patch, WEB)
- github.com/grails/grails-core/commit/c401faaa6c24c021c758b95f72304a0e855a8db3 (nvd, Patch, WEB)
- github.com/advisories/GHSA-3pjv-r7w4-2cf5 (ghsa, ADVISORY)
- github.com/grails/grails-core/security/advisories/GHSA-3pjv-r7w4-2cf5 (nvd, Vendor Advisory, WEB)
- grails.org/blog/2023-12-20-cve-data-binding-dos.html (nvd, Vendor Advisory, WEB)
- nvd.nist.gov/vuln/detail/CVE-2023-46131 (ghsa, ADVISORY)
- github.com/grails/grails-core/issues/13302 (nvd, Issue Tracking, WEB)