api-platform/core's secured properties may be accessible within collections

API Platform Core is the server component of API Platform: hypermedia and GraphQL APIs. Resource properties secured with the security option of the ApiPlatform\Metadata\ApiProperty attribute can be disclosed to unauthorized users. The problem affects most serialization formats, including raw JSON...

Prototype Pollution in mixme

Impact When copying properties from a source object to a target object, the target object can gain access to certain properties of the source object and modify their content. Patches The problem was patch with a more agressive discovery of secured properties to filter out...