2 matches found
CVE-2025-48042
Incorrect Authorization vulnerability in ash-project ash allows Exploiting Incorrectly Configured Access Control Security Levels. This vulnerability is associated with program files lib/ash/actions/create/bulk.ex, lib/ash/actions/destroy/bulk.ex, lib/ash/actions/update/bulk.ex and program routine...
CVE-2025-48042
CVE-2025-48042 (ash) is an Incorrect Authorization vulnerability affecting ash where running a bulk action with a before_transaction hook and no after_transaction hook could cause a before_transaction to execute before authorization is checked. Affected versions are ash from pkg:hex/ash prior to ...