GHSA-WCR3-9X4C-F5GJ Blnk has an API key authorization bypass in owner and scope enforcement
Blnk API key endpoints had an authorization issue that allowed non-master API keys to perform key-management actions outside their intended authorization boundary. In affected versions, API key operations trusted caller-controlled request values for owner and scope decisions. As a result, a...