Users are able to bypass the field level security. This means fields that they where not allowed to populate could be populated anyway even in the event that they tried to populate something that they don't have access to.
This issue has been patched in 1.3.4
None
{ "nvd_published_at": "2023-11-20T17:15:13Z", "cwe_ids": [ "CWE-863" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-11-20T21:01:43Z" }