GHSA-3pjv-r7w4-2cf5

Source
https://github.com/advisories/GHSA-3pjv-r7w4-2cf5
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/12/GHSA-3pjv-r7w4-2cf5/GHSA-3pjv-r7w4-2cf5.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-3pjv-r7w4-2cf5
Published
2023-12-20T21:12:09Z
Modified
2024-01-02T05:51:51.604435Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Grails data binding causes JVM crash and/or other denial of service
Details

Impact

A specially crafted web request can lead to a JVM crash or denial of service. Any Grails framework application using Grails data binding is vulnerable.

Patches

Patches are available for Grails 3 and later.

Workarounds

No workaround is possible except to avoid data binding to request data.

Database specific
{
    "nvd_published_at": "2023-12-21T00:15:25Z",
    "cwe_ids": [
        "CWE-400"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-12-20T21:12:09Z"
}

Affected packages

Maven / org.grails:grails-databinding

Package

Name
org.grails:grails-databinding
Purl
pkg:maven/org.grails/grails-databinding

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.0.0
Fixed
6.1.0

Affected versions

6.*

6.0.0

Maven / org.grails:grails-databinding

Package

Name
org.grails:grails-databinding
Purl
pkg:maven/org.grails/grails-databinding

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.0.0
Fixed
5.3.4

Affected versions

5.*

5.0.0
5.0.1
5.0.2
5.0.3
5.1.0
5.1.1
5.1.2
5.1.3
5.1.4
5.1.5
5.1.6
5.1.7
5.1.8
5.1.9
5.1.10
5.2.0
5.2.1
5.2.2
5.2.3
5.2.4
5.2.5
5.2.6
5.3.0
5.3.1
5.3.2
5.3.3

Maven / org.grails:grails-databinding

Package

Name
org.grails:grails-databinding
Purl
pkg:maven/org.grails/grails-databinding

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.0.0
Fixed
4.1.3

Affected versions

4.*

4.0.0
4.0.1
4.0.5
4.0.6
4.0.7
4.0.8
4.0.9
4.0.10
4.0.11
4.0.12
4.0.13
4.1.0.M3
4.1.0.M4
4.1.0
4.1.1
4.1.2

Maven / org.grails:grails-databinding

Package

Name
org.grails:grails-databinding
Purl
pkg:maven/org.grails/grails-databinding

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.0.0
Fixed
3.3.17

Affected versions

2.*

2.3.0.M1
2.3.0.M2
2.3.0.RC1
2.3.0.RC2
2.3.0
2.3.1
2.3.2
2.3.3
2.3.4
2.3.5
2.3.6
2.3.7
2.3.8
2.3.9
2.3.10
2.3.11
2.4.0.M1
2.4.0.M2
2.4.0.RC1
2.4.0.RC2
2.4.0
2.4.1
2.4.2
2.4.3
2.4.4
2.4.5
2.5.0
2.5.1
2.5.2
2.5.3
2.5.4
2.5.5
2.5.6

3.*

3.0.0.M1
3.0.0.M2
3.0.0.RC2
3.0.0.RC3
3.0.0
3.0.1
3.0.3
3.0.4
3.0.5
3.0.6
3.0.9
3.0.10
3.0.11
3.0.12
3.0.13
3.0.14
3.0.15
3.0.16
3.0.17
3.1.0.M2
3.1.0.M3
3.1.0.RC1
3.1.0.RC2
3.1.0
3.1.1
3.1.2
3.1.3
3.1.4
3.1.5
3.1.6
3.1.7
3.1.9
3.1.10
3.1.11
3.1.12
3.1.13
3.1.15
3.1.16
3.2.0.M1
3.2.0.M2
3.2.0.RC1
3.2.0.RC2
3.2.0
3.2.1
3.2.4
3.2.5
3.2.6
3.2.7
3.2.8
3.2.9
3.2.10
3.2.11
3.2.12
3.3.0.M1
3.3.0.M2
3.3.0.RC1
3.3.0
3.3.1
3.3.2
3.3.3
3.3.10
3.3.13
3.3.14
3.3.15
3.3.16