CVE-2018-20301

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-20301

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-20301.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-20301

Aliases

GHSA-mrq8-53r4-3j5m

Published

2018-12-20T09:29:00Z

Modified

2025-01-14T07:27:56.404399Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in Steve Pallen Coherence before 0.5.2 that is similar to a Mass Assignment vulnerability. In particular, "registration" endpoints (e.g., creating, editing, updating) allow users to update any coherencefields data. For example, users can automatically confirm their accounts by sending the confirmedat parameter with their registration request.

References

https://github.com/smpallen99/coherence/issues/270

Affected packages

Git / github.com/smpallen99/coherence

Affected ranges

Type: GIT
Repo: https://github.com/smpallen99/coherence
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

4c2261ea5a12604bde816fbf542a5c82ce9c8072

Affected versions

v0.*

v0.0.1

v0.0.3

v0.1.0

v0.1.1

v0.1.2

v0.1.3

v0.2.0

v0.3.0

v0.4.0

v0.5.0

v0.5.1