CVE-2023-35167

Date: June 23, 2023

Remult is a CRUD framework for full-stack TypeScript. If you used the "apiPrefilter" option of the "@Entity" decorator by setting it to a function that returns a filter that prevents unauthorized access to data, an attacker who knows the "id" of an entity instance they are not authorized to access can gain read, update and delete access to it. The issue is fixed in version 0.20.6. As a workaround, set the "apiPrefilter" option to a filter object instead of a function.

Language: TypeScript

Severity Score

Weakness Type (CWE)

Improper Access Control

CWE-284

Top Fix

Upgrade Version

Upgrade to remult version 0.20.6

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): LOW
