This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Curveballjs
First view: 2021-04-16
Product: a12n-Server
Last view: 2021-04-16
Version: *
Type: Application
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: node.js
Target Hardware: *
Other: *
 
CPE Product cpe:2.3:a:curveballjs:a12n-server

Activity : Overall

Related : CVE

       Date        Alert           Description
6.5    2021-04-16  CVE-2021-29452

a12n-server is an npm package which aims to provide a simple authentication system. A new HAL-Form for editing users was added in version 0.18.0. This feature should only have been accessible to admins. Unfortunately, privileges were incorrectly checked, allowing any logged-in user to make this change. Patched in v0.18.2.

CWE : Common Weakness Enumeration

%         id       Name
100% (1)  CWE-269  Improper Privilege Management