A specially crafted web request can lead to a JVM crash or denial of service. Any Grails framework application using Grails data binding is vulnerable.
Patches are available for Grails 3 and later.
No workaround is possible except to avoid data binding to request data.
{ "nvd_published_at": "2023-12-21T00:15:25Z", "cwe_ids": [ "CWE-400" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-12-20T21:12:09Z" }