CVE-2023-31138

DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.36 branch and prior to versions 2.37.9.1, 2.38.3.1, and 2.39.1.2, using object model traversal in the payload of a PATCH request, authenticated users with write access to an obje...

CVE-2023-31138

CVE-2023-31138 affects DHIS2 Core: starting in the 2.36 branch and before 2.37.9.1, 2.38.3.1, or 2.39.1.2, authenticated users with write access to an object may modify related objects via object model traversal in a PATCH payload. Mitigation is to upgrade to a supported version: 2.37.9.1, 2.38.3...