8 matches found
In AshPostgres, empty, atomic, non-bulk actions, policy bypass for side-effects vulnerability.
Impact: In certain very specific situations, it was possible for the policies of an update action to be skipped. This occurred only on "empty" update actions (no changing fields), and would allow their hooks (side effects) to be performed when they...
GHSA-HF59-7RWQ-785M In AshPostgres, empty, atomic, non-bulk actions, policy bypass for side-effects vulnerability.
Impact: In certain very specific situations, it was possible for the policies of an update action to be skipped. This occurred only on "empty" update actions (no changing fields), and would allow their hooks (side effects) to be performed when they...
CVE-2024-49756
AshPostgres is the PostgreSQL data layer for Ash Framework. Starting in version 2.0.0 and prior to version 2.4.10, in certain very specific situations, it was possible for the policies of an update action to be skipped. This occurred only on "empty" update actions (no changing fields), and would...
CVE-2024-49756 AshPostgres empty, atomic, non-bulk actions, policy bypass for side-effects vulnerability.
AshPostgres is the PostgreSQL data layer for Ash Framework. Starting in version 2.0.0 and prior to version 2.4.10, in certain very specific situations, it was possible for the policies of an update action to be skipped. This occurred only on "empty" update actions (no changing fields), and would...
CVE-2024-49756 AshPostgres empty, atomic, non-bulk actions, policy bypass for side-effects vulnerability.
AshPostgres is the PostgreSQL data layer for Ash Framework. Starting in version 2.0.0 and prior to version 2.4.10, in certain very specific situations, it was possible for the policies of an update action to be skipped. This occurred only on "empty" update actions (no changing fields), and would...
CVE-2024-49756
AshPostgres (Ash Framework data layer) has a vulnerability in versions 2.0.0 through 2.4.9 where update actions that are empty (no field changes) could skip policies and trigger side effects. The issue is limited to such actions and does not enable reading new data. It requires specific condition...
AshPostgres Security Vulnerability
AshPostgres is an open source PostgreSQL data layer for the Ash Framework. A security vulnerability exists in AshPostgres versions prior to 2.0.0 through 2.4.10, which stems from a policy that may be skipped for update operations under certain circumstances, resulting in the...
PT-2024-9137 · Unknown · Ashpostgres
Name of the Vulnerable Software and Affected Versions: AshPostgres versions 2.0.0 through 2.4.9. Description: The issue is related to the skipping of policies in update actions under specific conditions, allowing side effects to be triggered when they should not have been. This occurs only on...