First published: Mon Nov 20 2023(Updated: )
### Impact Users are able to bypass the field level security. This means fields that they where not allowed to populate could be populated anyway even in the event that they tried to populate something that they don't have access to. ### Patches This issue has been patched in 1.3.4 ### Workarounds None
|Affected Software||Affected Version||How to fix|
Users are able to bypass the field level security, allowing them to populate fields they are not allowed to access.
The vulnerability has been patched in version 1.3.4 of the strapi-plugin-protected-populate package.
No specific workarounds are mentioned.
The severity of GHSA-6h67-934r-82g7 is medium with a severity value of 5.3.
The CWE ID for GHSA-6h67-934r-82g7 is 863.