GHSA-974j-wjxx-wggj

Published: 14 Oct 2019
Source: github
GitHub: Reviewed
CVSS3: 6.5

Description

Incorrect Access Control vulnerability in api-platform/core

API Platform versions 2.2.0 to 2.3.5 contain an Incorrect Access Control vulnerability in GraphQL delete mutations that can result in a user authorized to delete a resource being able to delete any resource. This attack appears to be exploitable when the user is authorized. This vulnerability appears to have been fixed in 2.3.6.

Packages

Name: api-platform/core (composer)
Affected versions: >= 2.2.0, < 2.2.10
Fixed version: 2.2.10

Name: api-platform/core (composer)
Affected versions: >= 2.3.0, < 2.3.6
Fixed version: 2.3.6

EPSS

Percentile: 37%
0.00161
Low

6.5 Medium

CVSS3

Weaknesses

CWE-284

Related vulnerabilities

CVSS3: 6.5
nvd
about 7 years ago

API Platform versions 2.2.0 to 2.3.5 contain an Incorrect Access Control vulnerability in GraphQL delete mutations that can result in a user authorized to delete a resource being able to delete any resource. This attack appears to be exploitable when the user is authorized. This vulnerability appears to have been fixed in 2.3.6.
