22 matches found
EUVD-2025-34884
Ash has authorization bypass when bypass policy condition evaluates to true...
CVE-2025-48044
Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/policy.ex and program routines 'Elixir.Ash.Policy.Policy':expression/2. This issue affects ash: from pkg:hex/[email protected] before pkg:hex/[email protected]...
EEF-CVE-2025-48044 Authorization bypass when bypass policy condition evaluates to true
Summary Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/policy.ex and program routines 'Elixir.Ash.Policy.Policy':expression/2. This issue affects ash: from pkg:hex/[email protected] before...
CVE-2025-48044 Authorization bypass when bypass policy condition evaluates to true
Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/policy.ex and program routines 'Elixir.Ash.Policy.Policy':expression/2. This issue affects ash: from pkg:hex/[email protected] before pkg:hex/[email protected]...
CVE-2025-48044 Authorization bypass when bypass policy condition evaluates to true
Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/policy.ex and program routines 'Elixir.Ash.Policy.Policy':expression/2. This issue affects ash: from pkg:hex/[email protected] before pkg:hex/[email protected]...
CVE-2025-48044
CVE-2025-48044 concerns an authorization bypass in ash-project ash due to a bug in lib/ash/policy/policy.ex (Elixir.Ash.Policy.Policy):expression/2. Affected versions are ash 3.6.3 up to, but not including, 3.7.1 (commit range 79749c... to 8b83efa...). The vulnerability can cause bypass when a by...
CVE-2025-48044
Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/policy.ex and program routines 'Elixir.Ash.Policy.Policy':expression/2. This issue affects ash: from pkg:hex/[email protected] before pkg:hex/[email protected]...
CVE-2025-48043
Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/authorizer/authorizer.ex and program routines 'Elixir.Ash.Policy.Authorizer':strictfilters/2. This issue affects ash: from pkg:hex/ash@0 before...
CVE-2025-48043
Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/authorizer/authorizer.ex and program routines 'Elixir.Ash.Policy.Authorizer':strictfilters/2. This issue affects ash: from pkg:hex/ash@0 before...
CVE-2025-48043 Bypass and runtime policies that can never pass may be incorrectly applied in filter authorization
Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/authorizer/authorizer.ex and program routines 'Elixir.Ash.Policy.Authorizer':strictfilters/2. This issue affects ash: from pkg:hex/ash@0 before...
CVE-2025-48043 Bypass and runtime policies that can never pass may be incorrectly applied in filter authorization
Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/authorizer/authorizer.ex and program routines 'Elixir.Ash.Policy.Authorizer':strictfilters/2. This issue affects ash: from pkg:hex/ash@0 before...
EEF-CVE-2025-48043 Bypass and runtime policies that can never pass may be incorrectly applied in filter authorization
Summary Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/authorizer/authorizer.ex and program routines 'Elixir.Ash.Policy.Authorizer':strictfilters/2. This issue affects ash: from pkg:hex/ash@...
CVE-2025-48043
CVE-2025-48043 describes an Incorrect Authorization vulnerability in the Ash Framework ('ash') that allows authentication bypass via the policy authorizer. The issue is tied to lib/ash/policy/authorizer/authorizer.ex and Elixir.Ash.Policy.Authorizer:strict_filters/2 and affects ash versions prior...
EUVD-2025-27096
Malicious code in bioql PyPI...
CVE-2025-48042
Incorrect Authorization vulnerability in ash-project ash allows Exploiting Incorrectly Configured Access Control Security Levels. This vulnerability is associated with program files lib/ash/actions/create/bulk.ex, lib/ash/actions/destroy/bulk.ex, lib/ash/actions/update/bulk.ex and program routine...
CVE-2025-48042 Before action hooks may execute in certain scenarios despite a request being forbidden
Incorrect Authorization vulnerability in ash-project ash allows Exploiting Incorrectly Configured Access Control Security Levels. This vulnerability is associated with program files lib/ash/actions/create/bulk.ex, lib/ash/actions/destroy/bulk.ex, lib/ash/actions/update/bulk.ex and program routine...
CVE-2025-48042 Before action hooks may execute in certain scenarios despite a request being forbidden
Incorrect Authorization vulnerability in ash-project ash allows Exploiting Incorrectly Configured Access Control Security Levels. This vulnerability is associated with program files lib/ash/actions/create/bulk.ex, lib/ash/actions/destroy/bulk.ex, lib/ash/actions/update/bulk.ex and program routine...
Malicious code in grove-1tzhe-m74x3-ash-project (npm)
The package grove-1tzhe-m74x3-ash-project was found to contain malicious code...
Malicious code in moondust-pyxu5-vbgaq-ash-project (npm)
The package moondust-pyxu5-vbgaq-ash-project was found to contain malicious code...
Malicious code in birch-a5vvj-zhve1-ash-project (npm)
The package birch-a5vvj-zhve1-ash-project was found to contain malicious code...