GHSA-6h67-934r-82g7
First published: Mon Nov 20 2023(Updated: )
### Impact Users are able to bypass the field level security. This means fields that they where not allowed to populate could be populated anyway even in the event that they tried to populate something that they don't have access to. ### Patches This issue has been patched in 1.3.4 ### Workarounds None
| Affected Software | Affected Version | How to fix |
|---|---|---|
| npm/strapi-plugin-protected-populate | <1.3.4 | 1.3.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/strapi-community/strapi-plugin-protected-populate/security/advisories/GHSA-6h67-934r-82g7
- https://nvd.nist.gov/vuln/detail/CVE-2023-48218
- https://github.com/strapi-community/strapi-plugin-protected-populate/commit/05441066d64e09dd55937d9f089962e9ebe2fb39
- https://github.com/strapi-community/strapi-plugin-protected-populate/releases/tag/v1.3.4
- https://github.com/advisories/GHSA-6h67-934r-82g7 (Advisory)
Frequently Asked Questions
What is the impact of GHSA-6h67-934r-82g7?
Users are able to bypass the field level security, allowing them to populate fields they are not allowed to access.
How can the vulnerability GHSA-6h67-934r-82g7 be fixed?
The vulnerability has been patched in version 1.3.4 of the strapi-plugin-protected-populate package.
Are there any workarounds for GHSA-6h67-934r-82g7?
No specific workarounds are mentioned.
What is the severity of GHSA-6h67-934r-82g7?
The severity of GHSA-6h67-934r-82g7 is medium with a severity value of 5.3.
What is the CWE ID for GHSA-6h67-934r-82g7?
The CWE ID for GHSA-6h67-934r-82g7 is 863.
- collector/github-advisory-latest
- alias/GHSA-6h67-934r-82g7
- alias/CVE-2023-48218
- collector/github-advisory
- package-manager/npm