CVE-2018-20301
Coherence before 0.5.2 is affected by a Mass Assignment-style vulnerability where registration endpoints can update any coherence_fields data. The CVE-2018-20301 entry (Steve Pallen Coherence) specifies that users could, for example, set the confirmed_at parameter in a registration request to aut...