2 matches found
CVE-2019-1000011
CVE-2019-1000011 affects API Platform core (PHP) 2.2.0–2.3.5, due to an Incorrect Access Control flaw in GraphQL delete mutations. The vulnerability allows a user who is authorized to delete a resource to delete any resource. The issue’s impact and existence are documented in multiple sources (in...
CVE-2019-1000011: Access control bypass in GraphQL mutations
Q A Bug fix? yes New feature? no BC breaks? no Deprecations? no Tests pass? yes Fixed tickets 2364 License MIT Doc PR This prevents passing IRIs belonging to different resource classes, which would bypass access control in some instances see 2364...