VMware SpringSource Grails before 1.3.8, and 2.x before 2.0.2, does not properly restrict data binding, which might allow remote attackers to bypass intended access restrictions and modify arbitrary object properties via a crafted request parameter to an application.
Threat-Mapped Scoring
Score: 1.8
Priority: P4 - Informational (Low)
S9 – Sabotage of System/App
EPSS
Score: 0.00255Percentile:
0.48749
CVSS Scoring
CVSS v2 Score: 5.0
Severity:
Affected Products
cpe:2.3:a:springsource:grails:*:*:*:*:*:*:*:*
cpe:2.3:a:springsource:grails:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:springsource:grails:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:springsource:grails:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:springsource:grails:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:springsource:grails:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:springsource:grails:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:springsource:grails:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:springsource:grails:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:springsource:grails:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:springsource:grails:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:springsource:grails:1.3.4:*:*:*:*:*:*:*
cpe:2.3:a:springsource:grails:1.3.5:*:*:*:*:*:*:*
cpe:2.3:a:springsource:grails:1.3.6:*:*:*:*:*:*:*
cpe:2.3:a:springsource:grails:2.0:*:*:*:*:*:*:*
cpe:2.3:a:springsource:grails:2.0.1:*:*:*:*:*:*:*
← Back to Home
BrownCoat Threat Intelligence Platform | 2025 Steve Gray — You Can’t Take the Sky from Me