MEDIUM🇬🇧 English

CVE-2019-1000011

CVSS 6.5v3.0pub. 2019-02-04upd. 2024-11-21

API Platform version from 2.2.0 to 2.3.5 contains an Incorrect Access Control vulnerability in GraphQL delete mutations that can result in a user authorized to delete a resource can delete any resource. This attack appears to be exploitable via the user must be authorized. This vulnerability appears to have been fixed in 2.3.6.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
  • Api Platform Core

    APP
    Api-Platform
    2.2.0 – 2.3.5
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2023-25575HIGH7.7ten sam produkt

API Platform Core is the server component of API Platform: hypermedia and GraphQL APIs. Resource properties se...

CVE-2019-1000011 — MEDIUM 6.5 | CVEbaza.pl