Galette 安全漏洞

Galette is a Galette open source membership management web application for non-profit organizations. A security vulnerability exists in Galette versions prior to 1.2.0, which stems from elevated privileges that can be granted through a spoofed POST request...

in miodec/monkeytype

✍️ Description Users can bypass leaderboard controls and inject any object they want into the leaderboard by spoofing post requests to /checkLeaderboards. Malicious users can send specially crafted post requests and inject any user they want to the top of the leaderboard with any value words per...