Количество 2
Количество 2
CVE-2023-35167
Remult is a CRUD framework for full-stack TypeScript. If you used the apiPrefilter option of the `@Entity` decorator, by setting it to a function that returns a filter that prevents unauthorized access to data, an attacker who knows the `id` of an entity instance is not authorized to access, can gain read, update and delete access to it. The issue is fixed in version 0.20.6. As a workaround, set the `apiPrefilter` option to a filter object instead of a function.
GHSA-7hh3-3x64-v2g9
When setting EntityOptions.apiPrefilter to a function, the filter is not applied to API requests for a resource by Id
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-35167 Remult is a CRUD framework for full-stack TypeScript. If you used the apiPrefilter option of the `@Entity` decorator, by setting it to a function that returns a filter that prevents unauthorized access to data, an attacker who knows the `id` of an entity instance is not authorized to access, can gain read, update and delete access to it. The issue is fixed in version 0.20.6. As a workaround, set the `apiPrefilter` option to a filter object instead of a function. | CVSS3: 5 | 0% Низкий | больше 2 лет назад |
| GHSA-7hh3-3x64-v2g9 When setting EntityOptions.apiPrefilter to a function, the filter is not applied to API requests for a resource by Id | CVSS3: 5 | 0% Низкий | больше 2 лет назад |
Уязвимостей на страницу