First published: Fri Sep 28 2012(Updated: )
VMware SpringSource Grails before 1.3.8, and 2.x before 2.0.2, does not properly restrict data binding, which might allow remote attackers to bypass intended access restrictions and modify arbitrary object properties via a crafted request parameter to an application.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
SpringSource Grails | <=1.3.7 | |
SpringSource Grails | =1.1.0 | |
SpringSource Grails | =1.1.1 | |
SpringSource Grails | =1.1.2 | |
SpringSource Grails | =1.2.0 | |
SpringSource Grails | =1.2.1 | |
SpringSource Grails | =1.2.2 | |
SpringSource Grails | =1.3.0 | |
SpringSource Grails | =1.3.1 | |
SpringSource Grails | =1.3.2 | |
SpringSource Grails | =1.3.3 | |
SpringSource Grails | =1.3.4 | |
SpringSource Grails | =1.3.5 | |
SpringSource Grails | =1.3.6 | |
SpringSource Grails | =2.0 | |
SpringSource Grails | =2.0.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.