CVE-2012-1833

https://notcve.org/view.php?id=CVE-2012-1833

28 Sep 2012 — VMware SpringSource Grails before 1.3.8, and 2.x before 2.0.2, does not properly restrict data binding, which might allow remote attackers to bypass intended access restrictions and modify arbitrary object properties via a crafted request parameter to an application. VMware SpringSource Grails antes de v1.3.8, y v2.x antes de v2.0.2, no restringe correctamente el enlace a los datos, lo que podría permitir a atacantes remotos eludir las restricciones de acceso y modificar las propiedades de objetos de su ele... • http://secunia.com/advisories/51113 • CWE-264: Permissions, Privileges, and Access Controls •