
We found results for “”
CVE-2023-35167
Good to know:

Date: June 23, 2023
Remult is a CRUD framework for full-stack TypeScript. If you used the apiPrefilter option of the "@Entity" decorator, by setting it to a function that returns a filter that prevents unauthorized access to data, an attacker who knows the "id" of an entity instance is not authorized to access, can gain read, update and delete access to it. The issue is fixed in version 0.20.6. As a workaround, set the "apiPrefilter" option to a filter object instead of a function.
Language: TYPE_SCRIPT
Severity Score
Related Resources (6)
Severity Score
Weakness Type (CWE)
Improper Access Control
CWE-284Top Fix

CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | HIGH |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | LOW |
Integrity (I): | LOW |
Availability (A): | LOW |