5 matches found
CVE-2023-35167
Remult vulnerability CVE-2023-35167 affects the apiPrefilter option on the @Entity decorator in Remult (TypeScript full‑stack framework). When apiPrefilter is set to a function that returns a filter, an attacker who knows an entity id could access data they should not be allowed to read, update, ...
CVE-2023-35167 When setting EntityOptions.apiPrefilter to a function, the filter is not applied to API requests for a resource by Id
Remult is a CRUD framework for full-stack TypeScript. If you used the apiPrefilter option of the @Entity decorator, by setting it to a function that returns a filter that prevents unauthorized access to data, an attacker who knows the id of an entity instance is not authorized to access, can gain...
CVE-2023-35167 When setting EntityOptions.apiPrefilter to a function, the filter is not applied to API requests for a resource by Id
Remult is a CRUD framework for full-stack TypeScript. If you used the apiPrefilter option of the @Entity decorator, by setting it to a function that returns a filter that prevents unauthorized access to data, an attacker who knows the id of an entity instance is not authorized to access, can gain...
CVE-2023-35167 When setting EntityOptions.apiPrefilter to a function, the filter is not applied to API requests for a resource by Id
Remult is a CRUD framework for full-stack TypeScript. If you used the apiPrefilter option of the @Entity decorator, by setting it to a function that returns a filter that prevents unauthorized access to data, an attacker who knows the id of an entity instance is not authorized to access, can gain...
@harmony.ac/runner (>=0.0.0 <=2.1.0) potentially affected by CVE-2023-35167 via remult (=0.18.1)
remult NPM version =0.18.1 is affected by a known vulnerability. The following packages have a transitive dependency on remult and may be impacted: - @harmony.ac/runner =0.0.0, =2.1.0 Source cves: CVE-2023-35167 Source advisory: OSV:GHSA-7HH3-3X64-V2G9...