5 matches found
CVE-2026-54698
Hasura is an open-source product that provides users GraphQL or REST APIs. Prior to 2.49.2 and 2.45.5, a user can use a where clause on a table computed field returning SETOF sometable to infer row values that ought to be filtered for their role based on sometable's row-level permissions. While...
CVE-2026-54698 Hasura: Row-level authorization bypass on table computed fields
Hasura is an open-source product that provides users GraphQL or REST APIs. Prior to 2.49.2 and 2.45.5, a user can use a where clause on a table computed field returning SETOF sometable to infer row values that ought to be filtered for their role based on sometable's row-level permissions. While...
PT-2026-56262
Name of the Vulnerable Software and Affected Versions Hasura versions prior to 2.49.2 Hasura versions prior to 2.45.5 Description A flaw exists where a user can employ a where clause on a table computed field that returns SETOF some table to infer row values. This occurs even when those rows shou...
PT-2023-27914 · Gofiber · Gofiber
Name of the Vulnerable Software and Affected Versions: gofiber versions prior to 2.49.2 Description: The issue impacts users who rely on the ctx.IsFromLocal method to restrict access to localhost requests. If exploited, it could allow unauthorized access to resources intended only for localhost...
Fedora 27 : seamonkey (2018-c6cb18d057)
Update to 2.49.2 Based on the Firefox/Thunderbird ESR extension support release code version 52.6.1 Fixes various security issues, see https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-e sr/ and https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbi rd/ for more...