Lucene search
K

5 matches found

CVE
CVE
added 2023/06/23 7:3 p.m.53 views

CVE-2023-35167

Remult vulnerability CVE-2023-35167 affects the apiPrefilter option on the @Entity decorator in Remult (TypeScript full‑stack framework). When apiPrefilter is set to a function that returns a filter, an attacker who knows an entity id could access data they should not be allowed to read, update, ...

6.3CVSS5.5AI score0.00546EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/23 7:3 p.m.13 views

CVE-2023-35167 When setting EntityOptions.apiPrefilter to a function, the filter is not applied to API requests for a resource by Id

Remult is a CRUD framework for full-stack TypeScript. If you used the apiPrefilter option of the @Entity decorator, by setting it to a function that returns a filter that prevents unauthorized access to data, an attacker who knows the id of an entity instance is not authorized to access, can gain...

5CVSS6.6AI score0.00546EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/06/23 7:3 p.m.16 views

CVE-2023-35167 When setting EntityOptions.apiPrefilter to a function, the filter is not applied to API requests for a resource by Id

Remult is a CRUD framework for full-stack TypeScript. If you used the apiPrefilter option of the @Entity decorator, by setting it to a function that returns a filter that prevents unauthorized access to data, an attacker who knows the id of an entity instance is not authorized to access, can gain...

5CVSS6.4AI score0.00546EPSS
Exploits0References3
OSV
OSV
added 2023/06/23 7:3 p.m.14 views

CVE-2023-35167 When setting EntityOptions.apiPrefilter to a function, the filter is not applied to API requests for a resource by Id

Remult is a CRUD framework for full-stack TypeScript. If you used the apiPrefilter option of the @Entity decorator, by setting it to a function that returns a filter that prevents unauthorized access to data, an attacker who knows the id of an entity instance is not authorized to access, can gain...

5CVSS6.4AI score0.00546EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2023/06/20 6:50 p.m.5 views

@harmony.ac/runner (>=0.0.0 <=2.1.0) potentially affected by CVE-2023-35167 via remult (=0.18.1)

remult NPM version =0.18.1 is affected by a known vulnerability. The following packages have a transitive dependency on remult and may be impacted: - @harmony.ac/runner =0.0.0, =2.1.0 Source cves: CVE-2023-35167 Source advisory: OSV:GHSA-7HH3-3X64-V2G9...

6.3CVSS6.5AI score0.00546EPSS
Exploits0
Rows per page
Query Builder