Lucene search
K

4 matches found

Snyk
Snyk
added 2026/04/16 10:48 p.m.15 views

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via the decidedByUserId field in approval-related endpoints. An attacker can forge decision attribution by supplying an arbitrary user identifier in the request body, causing the system to...

5.3CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/04/16 10:48 p.m.11 views

Insufficient Verification of Data Authenticity

Overview @paperclipai/ui is a Prebuilt Paperclip board UI assets. Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via the decidedByUserId field in approval-related endpoints. An attacker can forge decision attribution by supplying an arbitrary us...

5.3CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/04/16 10:48 p.m.9 views

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via the decidedByUserId field in approval-related endpoints. An attacker can forge decision attribution by supplying an arbitrary user identifier in the request body, causing the system to...

5.3CVSS5.9AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/16 10:48 p.m.6 views

Paperclip: Approval decision attribution spoofing via client-controlled `decidedByUserId` in paperclip server

Summary The approval-resolution endpoints POST /approvals/:id/approve, /reject, /request-revision accept a client-supplied decidedByUserId field in the request body and write it verbatim into the authoritative approvals.decidedByUserId column — without cross-checking it against the authenticated...

6.1AI score
Exploits0References2Affected Software1
Rows per page
Query Builder