Lucene search

7 matches found

EUVD
added 2025/10/13 1:33 p.m., 3 views

EUVD-2025-33747

Ash Framework: Filter authorization misapplies impossible bypass/runtime policies...

CVSS 8.6, AI score 6.4, EPSS 0.00118
Exploits 0, References 4

OSV
added 2025/10/10 4:15 p.m., 2 views

CVE-2025-48043

Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/authorizer/authorizer.ex and program routines 'Elixir.Ash.Policy.Authorizer':strict_filters/2. This issue affects ash: from pkg:hex/ash@0 before...

CVSS 8.6, AI score 7, EPSS 0.00118
Exploits 0, References 2

CVE
added 2025/10/10 3:57 p.m., 8 views

CVE-2025-48043

CVE-2025-48043 describes an Incorrect Authorization vulnerability in the Ash Framework ('ash') that allows authentication bypass via the policy authorizer. The issue is tied to lib/ash/policy/authorizer/authorizer.ex and Elixir.Ash.Policy.Authorizer:strict_filters/2 and affects ash versions prior...

CVSS 8.6, AI score 6.6, EPSS 0.00118
Exploits 0, References 4

Positive Technologies
added 2025/10/10 12:0 a.m., 3 views

PT-2025-41572

Name of the Vulnerable Software and Affected Versions ash versions prior to 3.6.2 Description An incorrect authorization issue exists in ash-project ash, allowing authentication bypass. The issue is associated with the program files lib/ash/policy/authorizer/authorizer.ex and the...

CVSS 8.6, AI score 6.8, EPSS 0.00118
Exploits 0, References 9

OSV
added 2025/09/12 11:46 a.m., 2 views

BIT-NIFI-2020-13940

In Apache NiFi 1.0.0 to 1.11.4, the notification service manager and various policy authorizer and user group provider objects allowed trusted administrators to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services via XXE...

CVSS 5.5, AI score 6.9, EPSS 0.0096
Exploits 0, References 2

RedhatCVE
added 2025/05/22 3:10 p.m., 5 views

CVE-2020-13940

In Apache NiFi 1.0.0 to 1.11.4, the notification service manager and various policy authorizer and user group provider objects allowed trusted administrators to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services via XXE...

CVSS 5.5, AI score 6.8, EPSS 0.0096
Exploits 0

Veracode
added 2020/10/02 5:21 a.m., 27 views

XML External Entity (XXE)

nifi-framework-api is vulnerable to XML external entity XXE attack. An attacker is able to submit requests on behalf of the server via an XXE attack as the notification service manager and various policy authorizer and user group provider objects allow trusted administrators to inadvertently...

CVSS 5.5, AI score 5.2, EPSS 0.0096
Exploits 0, References 3, Affected Software 1