Description

VMware SpringSource Grails before 1.3.8, and 2.x before 2.0.2, does not properly restrict data binding, which might allow remote attackers to bypass intended access restrictions and modify arbitrary object properties via a crafted request parameter to an application.

Remediation

References

http://support.springsource.com/security/cve-2012-1833

http://www.securityfocus.com/bid/55763

http://secunia.com/advisories/51113

Related Vulnerabilities

CVE-2019-14862 Vulnerability in maven package li.rudin.mavenjs:knockout

CVE-2021-43138 Vulnerability in maven package org.webjars.bower:async

CVE-2017-16030 Vulnerability in maven package org.webjars.npm:useragent

CVE-2023-38695 Vulnerability in npm package @simonsmith/cypress-image-snapshot

CVE-2019-10779 Vulnerability in maven package stroom:stroom-app

Severity

Critical

Classification

CWE-264

Tags

Exploit Patch Vendor Advisory