Описание
Private data exposure via REST API in BuddyPress
In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed.
This has been patched in version 5.1.2.
Пакеты
Наименование
buddypress/buddypress
composer
Затронутые версииВерсия исправления
< 5.1.2
5.1.2
Связанные уязвимости
CVSS3: 8
nvd
почти 6 лет назад
In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2.