Home > Vulnerability Database > CVE-2023-35167

Mend.io Vulnerability Database

CVE-2023-35167

Good to know:

Date: June 23, 2023

Remult is a CRUD framework for full-stack TypeScript. If you used the apiPrefilter option of the `@Entity` decorator, by setting it to a function that returns a filter that prevents unauthorized access to data, an attacker who knows the `id` of an entity instance is not authorized to access, can gain read, update and delete access to it. The issue is fixed in version 0.20.6. As a workaround, set the `apiPrefilter` option to a filter object instead of a function.

Language: TYPE_SCRIPT

Severity Score

6.3

Related Resources (6)

Url: https://github.com/remult/remult/security/advisories/GHSA-7hh3-3x64-v2g9

Url: https://github.com/remult/remult/commit/6892ae97134126d8710ef7302bb2fc37730994c5

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-35167

Url: https://github.com/advisories/GHSA-7hh3-3x64-v2g9

Url: https://github.com/remult/remult/releases/tag/v0.20.6

Url: https://www.mend.io/vulnerability-database/CVE-2023-35167

Severity Score

6.3

Weakness Type (CWE)

Improper Access Control

CWE-284

Top Fix

Upgrade Version

Upgrade to version remult - 0.20.6

Learn More

CVSS v3.1

Base Score:	6.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2023-35167

Good to know:

Date: June 23, 2023

Language: TYPE_SCRIPT

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?