CVE Vulnerabilities

CVE-2012-1833

Published: Sep 28, 2012 | Modified: Mar 02, 2013
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

VMware SpringSource Grails before 1.3.8, and 2.x before 2.0.2, does not properly restrict data binding, which might allow remote attackers to bypass intended access restrictions and modify arbitrary object properties via a crafted request parameter to an application.

Affected Software

Name Vendor Start Version End Version
Grails Springsource * 1.3.7 (including)
Grails Springsource 1.1.0 (including) 1.1.0 (including)
Grails Springsource 1.1.1 (including) 1.1.1 (including)
Grails Springsource 1.1.2 (including) 1.1.2 (including)
Grails Springsource 1.2.0 (including) 1.2.0 (including)
Grails Springsource 1.2.1 (including) 1.2.1 (including)
Grails Springsource 1.2.2 (including) 1.2.2 (including)
Grails Springsource 1.3.0 (including) 1.3.0 (including)
Grails Springsource 1.3.1 (including) 1.3.1 (including)
Grails Springsource 1.3.2 (including) 1.3.2 (including)
Grails Springsource 1.3.3 (including) 1.3.3 (including)
Grails Springsource 1.3.4 (including) 1.3.4 (including)
Grails Springsource 1.3.5 (including) 1.3.5 (including)
Grails Springsource 1.3.6 (including) 1.3.6 (including)
Grails Springsource 2.0 (including) 2.0 (including)
Grails Springsource 2.0.1 (including) 2.0.1 (including)

References