CVE-2012-1833
First published: Fri Sep 28 2012(Updated: )
VMware SpringSource Grails before 1.3.8, and 2.x before 2.0.2, does not properly restrict data binding, which might allow remote attackers to bypass intended access restrictions and modify arbitrary object properties via a crafted request parameter to an application.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SpringSource Grails | <=1.3.7 | |
| SpringSource Grails | =1.1.0 | |
| SpringSource Grails | =1.1.1 | |
| SpringSource Grails | =1.1.2 | |
| SpringSource Grails | =1.2.0 | |
| SpringSource Grails | =1.2.1 | |
| SpringSource Grails | =1.2.2 | |
| SpringSource Grails | =1.3.0 | |
| SpringSource Grails | =1.3.1 | |
| SpringSource Grails | =1.3.2 | |
| SpringSource Grails | =1.3.3 | |
| SpringSource Grails | =1.3.4 | |
| SpringSource Grails | =1.3.5 | |
| SpringSource Grails | =1.3.6 | |
| SpringSource Grails | =2.0 | |
| SpringSource Grails | =2.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/tags
- agent/event
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- vendor/springsource
- canonical/springsource grails
- version/springsource grails/1.3.7
- version/springsource grails/1.1.0
- version/springsource grails/1.1.1
- version/springsource grails/1.1.2
- version/springsource grails/1.2.0
- version/springsource grails/1.2.1
- version/springsource grails/1.2.2
- version/springsource grails/1.3.0
- version/springsource grails/1.3.1
- version/springsource grails/1.3.2
- version/springsource grails/1.3.3
- version/springsource grails/1.3.4
- version/springsource grails/1.3.5
- version/springsource grails/1.3.6
- version/springsource grails/2.0
- version/springsource grails/2.0.1