Описание
A vulnerability was detected in mickasmt next-saas-stripe-starter 1.0.0. Affected by this vulnerability is the function updateUserrole of the file actions/update-user-role.ts. The manipulation of the argument userId/role results in improper authorization. The attack may be launched remotely.
EPSS
Процентиль: 10%
0.00035
Низкий
6.3 Medium
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-266
Связанные уязвимости
CVSS3: 6.3
github
18 дней назад
A vulnerability was detected in mickasmt next-saas-stripe-starter 1.0.0. Affected by this vulnerability is the function updateUserrole of the file actions/update-user-role.ts. The manipulation of the argument userId/role results in improper authorization. The attack may be launched remotely.
EPSS
Процентиль: 10%
0.00035
Низкий
6.3 Medium
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-266