Lucene search

K
osvGoogleOSV:GHSA-WR23-M9M2-JJF4
HistoryMay 13, 2022 - 1:12 a.m.

Bolt Improper Access Control

2022-05-1301:12:16
Google
osv.dev
3
bolt
access control
_profiler routes
eventlistener
profilerlistener
provider
eventlistenerserviceprovider

AI Score

6.7

Confidence

Low

EPSS

0.001

Percentile

50.2%

Bolt before 3.3.6 does not properly restrict access to _profiler routes, related to EventListener/ProfilerListener.php and Provider/EventListenerServiceProvider.php.

AI Score

6.7

Confidence

Low

EPSS

0.001

Percentile

50.2%