nova-toggle-5: Improper authorization on toggle endpoint allowed non-Nova users to modify boolean fields

Impact In versions middleware. Any user authenticated on the configured guard could call the endpoint and flip boolean attributes on any Nova resource — including users who do not have access to Nova itself for example, frontend customers sharing the web guard with the Nova admin area. The endpoi...

nova-toggle-5: Improper authorization on toggle endpoint allowed non-Nova users to modify boolean fields

In versions middleware. Any user authenticated on the configured guard could call the endpoint and flip boolean attributes on any Nova resource — including users who do not have access to Nova itself for example, frontend customers sharing the web guard with the Nova admin area. The endpoint also...

PT-2018-4879 · Jquery · Jquery

Name of the Vulnerable Software and Affected Versions: jquery versions 3.0.0-rc.1 Description: The issue arises due to the removal of logic that lowercased attribute names, leading to an infinite recursion when attribute getters use mixed-cased names for boolean attributes. This results in...