exploitDog

GHSA-w2gg-fjfh-g555

Опубликовано: 13 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 4.3

Описание

In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote for multiple items).

In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote for multiple items).

Ссылки

EPSS

Процентиль: 41%

0.00187

Низкий

4.3 Medium

CVSS3

CVE ID

Дефекты

CWE-639

Связанные уязвимости

CVE-2018-15833

CVSS3: 4.3

nvd

больше 7 лет назад

In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote for multiple items).

EPSS

Процентиль: 41%

0.00187

Низкий

4.3 Medium

CVSS3

CVE ID

Дефекты

CWE-639