3 matches found
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the embed feature. An attacker can access unpublished or private resource data by inferring the slug or URL of the resource that can be embedded. Note: This is only exploitable if the resource allows embedding a...
Sensitive Data Exposure
Decidim and Decidim-meetings is vulnerable to Sensitive Data Exposure. The vulnerability is due to using a third party library Ransack which allows filtering data on all attributes and associations. This allows an attacker to exfiltrate non-public data from underlying database by traversing...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure due to using an external library which, by default, allows filtering on all data attributes and associations. This allows an unauthenticated remote attacker to exfiltrate non-public data from the underlying database...