Description
Sensitive Data Exposure in loopback
Versions of loopback prior to 3.26.0 (3.x) and 2.42.0 (2.x) are vulnerable to Sensitive Data Exposure. Invalid API requests to the login endpoint may return information about the first user in the database. This can be used alongside other attacks for credential theft.
Recommendation
If you're using loopback 3.x, upgrade to version 3.26.0 or later.
If you're using loopback 2.x, upgrade to version 2.42.0 or later.
Packages
Name: loopback (npm)
Affected versions: <= 2.41.0
Fixed version: 2.42.0
Name: loopback (npm)
Affected versions: >= 3.0.0, <= 3.25.0
Fixed version: 3.26.0
Weaknesses
CWE-200