@a-la-fois/api (>=0.0.25 <=0.0.39), @a-la-fois/doc-client (>=0.0.1 <=0.0.39) +45 more potentially affected by CVE-2023-3696 via mongoose (>=7.0.0 <=7.3.2)

mongoose NPM version =7.0.0, =0.0.25, =0.0.1, =0.0.25, =0.0.1, =0.0.25, =3.12.0, =2.0.18, =0.3.0, =0.3.0, =0.3.0, =1.0.0, =0.1.33, =0.1.35 - @meniuapp/data =0.0.2 and more Source cves: CVE-2023-3696 Source advisory: OSV:GHSA-9M93-W8W6-76HH...

CVE-2019-7619

Elasticsearch versions 7.0.0-7.3.2 and 6.7.0-6.8.3 contain a username disclosure flaw was found in the API Key service. An unauthenticated attacker could send a specially crafted request and determine if a username exists in the Elasticsearch native realm...

Design/Logic Flaw

Elasticsearch versions 7.0.0-7.3.2 and 6.7.0-6.8.3 contain a username disclosure flaw was found in the API Key service. An unauthenticated attacker could send a specially crafted request and determine if a username exists in the Elasticsearch native realm...