WS-2019-0247
Good to know:
Date: May 29, 2019
In loopback, versions before v2.42.0 (2.x) and before v3.26.0 (3.x) are vulnerable to sensitive data exposure: invalid API requests to the login endpoint may return information about the first user in the database.
Language: JS
Severity Score
Weakness Type (CWE)
Information Leak / Disclosure
CWE-200
CVSS v3.1
Base Score: | |
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | LOW |
Integrity (I): | LOW |
Availability (A): | NONE |