Remult is a CRUD framework for full-stack TypeScript. If you used the apiPrefilter option of the `@Entity` decorator, by setting it to a function that returns a filter that prevents unauthorized access to data, an attacker who knows the `id` of an entity instance is not authorized to access, can gain read, update and delete access to it. The issue is fixed in version 0.20.6. As a workaround, set the `apiPrefilter` option to a filter object instead of a function.
History

Thu, 07 Nov 2024 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-06-23T19:03:54.753Z

Updated: 2024-11-07T19:04:32.133Z

Reserved: 2023-06-14T14:17:52.179Z

Link: CVE-2023-35167

cve-icon Vulnrichment

Updated: 2024-08-02T16:23:59.673Z

cve-icon NVD

Status : Modified

Published: 2023-06-23T20:15:09.227

Modified: 2024-11-21T08:08:04.797

Link: CVE-2023-35167

cve-icon Redhat

No data.