Description
Erxes Incorrect Access Control vulnerability
Erxes <1.6.1 is vulnerable to Incorrect Access Control. An attacker can bypass authentication by providing a "User" HTTP header that contains any user, allowing them to talk to any GraphQL endpoint.
Packages
Name: erxes (npm)
Affected versions: < 1.6.1
Fixed version: 1.6.1
Related vulnerabilities
CVSS3: 9.8
nvd
8 months ago
Erxes <1.6.1 is vulnerable to Incorrect Access Control. An attacker can bypass authentication by providing a "User" HTTP header that contains any user, allowing them to talk to any GraphQL endpoint.