3 matches found
com.erudika:para-cache-hazelcast (>=1.26.0 <=1.40.1), com.erudika:para-client (>=1.13 <=1.45.10) +9 more potentially affected by CVE-2022-1848 via com.erudika:para-core (>=1.13 <=1.45.9)
com.erudika:para-core MAVEN version =1.13, =1.26.0, =1.13, =1.20.0, =1.18.0, =1.28.1, =1.30.0, =1.25.0, =1.29.0, =1.28.0, =1.13, =1.24.4, =1.45.10 Source cves: CVE-2022-1848 Source advisory: OSV:GHSA-4793-8WWH-JXXR...
CVE-2022-1848
Business Logic Errors in GitHub repository erudika/para prior to 1.45.11...
CVE-2022-1848
CVE-2022-1848 affects the Erudika Para project prior to version 1.45.11. Multiple connected sources describe a business logic error, including a race condition in com.erudika:para-core (validateObject) that can allow a user to abuse account/app-related logic. This is documented across sources (Gi...