2 matches found
CVE-2016-10533
express-restify-mongoose is a module to easily create a flexible REST interface for mongoose models. express-restify-mongoose 2.4.2 and earlier and 3.0.X through 3.0.1 allows a malicious user to send a request for GET /User?distinct=password and get all the passwords for all the users in the...
CVE-2016-10533
CVE-2016-10533 affects express-restify-mongoose. Vulnerable versions (2.4.2 and earlier, and 3.0.X through 3.0.1) allow a malicious user to abuse GET /User?distinct=password to retrieve all user passwords, bypassing private field protections. The root cause is information leakage through listing/...