28 matches found
CVE-2026-55736
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ash-project ash allows a user to set the value of a private action argument that is intended to be controlled only by trusted server-side code. Action arguments declared with public?: false are meant t...
CVE-2026-55736
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ash-project ash allows a user to set the value of a private action argument that is intended to be controlled only by trusted server-side code. Action arguments declared with public?: false are meant t...
CVE-2026-55736
CVE-2026-55736 (Ash project) : A logic flaw in Ash allows end-user input to set private action arguments intended to be server-controlled. In non-atomic paths, private arguments are stripped only when the parameter key is an atom; if the key is a string, the private argument remains controllable ...
CVE-2026-55736 Private action arguments can be set by user input in Ash
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ash-project ash allows a user to set the value of a private action argument that is intended to be controlled only by trusted server-side code. Action arguments declared with public?: false are meant t...
EUVD-2026-38570
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ash-project ash allows a user to set the value of a private action argument that is intended to be controlled only by trusted server-side code. Action arguments declared with public?: false are meant t...
EEF-CVE-2026-55736 Private action arguments can be set by user input in Ash
Summary Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ash-project ash allows a user to set the value of a private action argument that is intended to be controlled only by trusted server-side code. Action arguments declared with public?: false are...
EUVD-2025-34884
Ash has authorization bypass when bypass policy condition evaluates to true...
CVE-2025-48044 Authorization bypass when bypass policy condition evaluates to true
Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/policy.ex and program routines 'Elixir.Ash.Policy.Policy':expression/2. This issue affects ash: from pkg:hex/[email protected] before pkg:hex/[email protected]...
CVE-2025-48044 Authorization bypass when bypass policy condition evaluates to true
Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/policy.ex and program routines 'Elixir.Ash.Policy.Policy':expression/2. This issue affects ash: from pkg:hex/[email protected] before pkg:hex/[email protected]...
CVE-2025-48044
Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/policy.ex and program routines 'Elixir.Ash.Policy.Policy':expression/2. This issue affects ash: from pkg:hex/[email protected] before pkg:hex/[email protected]...
CVE-2025-48044
CVE-2025-48044 concerns an authorization bypass in ash-project ash due to a bug in lib/ash/policy/policy.ex (Elixir.Ash.Policy.Policy):expression/2. Affected versions are ash 3.6.3 up to, but not including, 3.7.1 (commit range 79749c... to 8b83efa...). The vulnerability can cause bypass when a by...
CVE-2025-48044 Authorization bypass when bypass policy condition evaluates to true
Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/policy.ex and program routines 'Elixir.Ash.Policy.Policy':expression/2. This issue affects ash: from pkg:hex/[email protected] before pkg:hex/[email protected]...
EEF-CVE-2025-48044 Authorization bypass when bypass policy condition evaluates to true
Summary Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/policy.ex and program routines 'Elixir.Ash.Policy.Policy':expression/2. This issue affects ash: from pkg:hex/[email protected] before...
CVE-2025-48043
Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/authorizer/authorizer.ex and program routines 'Elixir.Ash.Policy.Authorizer':strictfilters/2. This issue affects ash: from pkg:hex/ash@0 before...
CVE-2025-48043 Bypass and runtime policies that can never pass may be incorrectly applied in filter authorization
Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/authorizer/authorizer.ex and program routines 'Elixir.Ash.Policy.Authorizer':strictfilters/2. This issue affects ash: from pkg:hex/ash@0 before...
CVE-2025-48043 Bypass and runtime policies that can never pass may be incorrectly applied in filter authorization
Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/authorizer/authorizer.ex and program routines 'Elixir.Ash.Policy.Authorizer':strictfilters/2. This issue affects ash: from pkg:hex/ash@0 before...
EEF-CVE-2025-48043 Bypass and runtime policies that can never pass may be incorrectly applied in filter authorization
Summary Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/authorizer/authorizer.ex and program routines 'Elixir.Ash.Policy.Authorizer':strict\filters/2. This issue affects ash: from pkg:hex/ash...
CVE-2025-48043
CVE-2025-48043 describes an Incorrect Authorization vulnerability in the Ash Framework ('ash') that allows authentication bypass via the policy authorizer. The issue is tied to lib/ash/policy/authorizer/authorizer.ex and Elixir.Ash.Policy.Authorizer:strict_filters/2 and affects ash versions prior...
CVE-2025-48043 Bypass and runtime policies that can never pass may be incorrectly applied in filter authorization
Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/authorizer/authorizer.ex and program routines 'Elixir.Ash.Policy.Authorizer':strictfilters/2. This issue affects ash: from pkg:hex/ash@0 before...
EUVD-2025-27096
Malicious code in bioql PyPI...