Lucene search
+L

4 matches found

NVD
NVD
added 2023/11/20 5:15 p.m.44 views

CVE-2023-48218

The Strapi Protected Populate Plugin protects get endpoints from revealing too much information. Prior to version 1.3.4, users were able to bypass the field level security. Users who tried to populate something that they didn't have access to could populate those fields anyway. This issue has bee...

5.3CVSS0.00601EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/11/20 5:9 p.m.40 views

CVE-2023-48218 Strapi Protected Populate Plugin leaking fields if the request fields where empty or only fields selected where not populatable

The Strapi Protected Populate Plugin protects get endpoints from revealing too much information. Prior to version 1.3.4, users were able to bypass the field level security. Users who tried to populate something that they didn't have access to could populate those fields anyway. This issue has bee...

5.3CVSS5.5AI score0.00601EPSS
Exploits0References3
CVE
CVE
added 2023/11/20 5:9 p.m.50 views

CVE-2023-48218

The CVE-2023-48218 issue affects the Strapi Protected Populate Plugin. Pre-1.3.4 versions allowed bypassing field-level security by populating fields the user should not access on get endpoints. It has been patched in version 1.3.4; no workarounds are documented. CVSSv3.1 base score 5.3 (NETWORK,...

5.3CVSS5.2AI score0.00601EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/11/20 5:9 p.m.29 views

CVE-2023-48218 Strapi Protected Populate Plugin leaking fields if the request fields where empty or only fields selected where not populatable

The Strapi Protected Populate Plugin protects get endpoints from revealing too much information. Prior to version 1.3.4, users were able to bypass the field level security. Users who tried to populate something that they didn't have access to could populate those fields anyway. This issue has bee...

5.3CVSS5.3AI score0.00601EPSS
Exploits0References5
Rows per page
Query Builder