GHSA-6h67-934r-82g7

Source
https://github.com/advisories/GHSA-6h67-934r-82g7
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-6h67-934r-82g7/GHSA-6h67-934r-82g7.json
Aliases
Published
2023-11-20T21:01:43Z
Modified
2023-11-20T21:27:09.273431Z
Details

Impact

Users are able to bypass the field level security. This means fields that they where not allowed to populate could be populated anyway even in the event that they tried to populate something that they don't have access to.

Patches

This issue has been patched in 1.3.4

Workarounds

None

References

Affected packages

npm / strapi-plugin-protected-populate

Affected ranges

Type
SEMVER
Events
Introduced
0The exact introduced commit is unknown
Fixed
1.3.4