10 matches found
EUVD-2023-1733
Malicious code in bioql PyPI...
CVE-2023-35167
Remult is a CRUD framework for full-stack TypeScript. If you used the apiPrefilter option of the @Entity decorator, by setting it to a function that returns a filter that prevents unauthorized access to data, an attacker who knows the id of an entity instance is not authorized to access, can gain...
CVE-2023-35167
Remult is a CRUD framework for full-stack TypeScript. If you used the apiPrefilter option of the @Entity decorator, by setting it to a function that returns a filter that prevents unauthorized access to data, an attacker who knows the id of an entity instance is not authorized to access, can gain...
Design/Logic Flaw
Remult is a CRUD framework for full-stack TypeScript. If you used the apiPrefilter option of the @Entity decorator, by setting it to a function that returns a filter that prevents unauthorized access to data, an attacker who knows the id of an entity instance is not authorized to access, can gain...
CVE-2023-35167 When setting EntityOptions.apiPrefilter to a function, the filter is not applied to API requests for a resource by Id
Remult is a CRUD framework for full-stack TypeScript. If you used the apiPrefilter option of the @Entity decorator, by setting it to a function that returns a filter that prevents unauthorized access to data, an attacker who knows the id of an entity instance is not authorized to access, can gain...
CVE-2023-35167 When setting EntityOptions.apiPrefilter to a function, the filter is not applied to API requests for a resource by Id
Remult is a CRUD framework for full-stack TypeScript. If you used the apiPrefilter option of the @Entity decorator, by setting it to a function that returns a filter that prevents unauthorized access to data, an attacker who knows the id of an entity instance is not authorized to access, can gain...
CVE-2023-35167
Remult vulnerability CVE-2023-35167 affects the apiPrefilter option on the @Entity decorator in Remult (TypeScript full‑stack framework). When apiPrefilter is set to a function that returns a filter, an attacker who knows an entity id could access data they should not be allowed to read, update, ...
Remult 访问控制错误漏洞
Remult is a full-stack CRUD framework from the Remult open source. An access control error vulnerability exists in versions of Remult prior to 0.20.6, which arises from setting apiPrefilter as an object allowing an attacker to gain read, update, and delete access to it...
@harmony.ac/runner (>=0.0.0 <=2.1.0) potentially affected by CVE-2023-35167 via remult (=0.18.1)
remult NPM version =0.18.1 is affected by a known vulnerability. The following packages have a transitive dependency on remult and may be impacted: - @harmony.ac/runner =0.0.0, =2.1.0 Source cves: CVE-2023-35167 Source advisory: OSV:GHSA-7HH3-3X64-V2G9...
PT-2023-25178 · Remult · Remult
Name of the Vulnerable Software and Affected Versions: Remult versions prior to 0.20.6 Description: The issue allows an attacker who knows the id of an entity instance they are not authorized to access to gain read, update, and delete access to it. This occurs when the apiPrefilter option of the...