Home > Vulnerability Database > CVE-2023-35167

Mend.io Vulnerability Database

CVE-2023-35167

Good to know:

Date: June 23, 2023

Remult is a CRUD framework for full-stack TypeScript. If you used the apiPrefilter option of the "@Entity" decorator, by setting it to a function that returns a filter that prevents unauthorized access to data, an attacker who knows the "id" of an entity instance is not authorized to access, can gain read, update and delete access to it. The issue is fixed in version 0.20.6. As a workaround, set the "apiPrefilter" option to a filter object instead of a function.

Language: TYPE_SCRIPT

Severity Score

5.0

Related Resources (6)

Url: https://github.com/remult/remult

Url: https://github.com/remult/remult/security/advisories/GHSA-7hh3-3x64-v2g9

Url: https://github.com/remult/remult/commit/6892ae97134126d8710ef7302bb2fc37730994c5

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-35167

Url: https://github.com/remult/remult/releases/tag/v0.20.6

Url: https://www.mend.io/vulnerability-database/CVE-2023-35167

Severity Score

5.0

Weakness Type (CWE)

Improper Access Control

CWE-284

Top Fix

Upgrade Version

Upgrade to version remult - 0.20.6

Learn More

CVSS v3.1

Base Score:	5.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2023-35167

Good to know:

Date: June 23, 2023

Language: TYPE_SCRIPT

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?