Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass via the logs and stats API actions in the RoutineViewSet process. An attacker can access another user's private workout session notes, exercise history, and training statistics by enumerating public template routin...