CVE-2021-46249

2022-02-1523:15:07

Google

osv.dev

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.7%

JSON

An authorization bypass exploited by a user-controlled key in SpecificApps REST API in ScratchOAuth2 before commit d856dc704b2504cd3b92cf089fdd366dd40775d6 allows app owners to set flags that indicate whether an app is verified on their own apps.

References

github.com/ScratchVerifier/ScratchOAuth2/commit/d856dc704b2504cd3b92cf089fdd366dd40775d6