7 matches found
BIT-MASTODON-2022-31263
app/models/user.rb in Mastodon before 3.5.0 allows a bypass of e-mail restrictions...
CVE-2022-31263
app/models/user.rb in Mastodon before 3.5.0 allows a bypass of e-mail restrictions...
CVE-2022-31263
app/models/user.rb in Mastodon before 3.5.0 allows a bypass of e-mail restrictions...
Design/Logic Flaw
app/models/user.rb in Mastodon before 3.5.0 allows a bypass of e-mail restrictions...
CVE-2022-31263
app/models/user.rb in Mastodon before 3.5.0 allows a bypass of e-mail restrictions...
spree_auth_devise allows remote authenticated users to assign themselves arbitrary roles
app/models/spree/user.rb in spree_auth_devise in Spree 1.1.x before 1.1.6, 1.2.x, and 1.3.x does not perform mass assignment safely when updating a user, which allows remote authenticated users to assign arbitrary roles to themselves...
Spree app/models/spree/user.rb Mass Role Assignment Remote Privilege Escalation
Spree contains a flaw that leads to unauthorized privileges being gained. The issue is triggered as certain input related to mass role assignment in app/models/spree/user.rb is not properly verified before being used to update a user. This may allow a remote attacker to assign arbitrary roles and...