GHSA-MRQX-MJC4-VFH3 wallabag subject to Improper Authorization via annotations
Impact The annotations feature lets users add annotations on highlighted parts of an entry. The controller does not validate authorization on PUT and DELETE requests which lets a logged user modify or delete any annotation using their ID on their endpoints example.org/annotations/id. These...