3 matches found
CVE-2021-3852
creationtimestamp| type| source ---|---|--- 2022-01-12 14:16:59+00:00| seen| https://t.me/cibsecurity/35321...
CVE-2021-3852
growi is vulnerable to Authorization Bypass Through User-Controlled Key...
CVE-2021-3852
CVE-2021-3852 affects GROWI (WESEEK) and describes an authorization bypass through a user-controlled key. The connected sources specify an unauthenticated attacker could bypass authorization to delete arbitrary comments by abusing an endpoint such as /_api/comments.remove due to insufficient auth...