CVE-2018-20301
published 2018-12-20CVE-2018-20301: An issue was discovered in Steve Pallen Coherence before 0.5.2 that is similar to a Mass Assignment vulnerability. In particular, "registration" endpoints…
medium6.5CVSS 3.0
AVNACLPRLUINSUCNIHAN
An issue was discovered in Steve Pallen Coherence before 0.5.2 that is similar to a Mass Assignment vulnerability. In particular, "registration" endpoints (e.g., creating, editing, updating) allow users to update any coherence_fields data. For example, users can automatically confirm their accounts by sending the confirmed_at parameter with their registration request.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| coherence_project | coherence | < 0.5.2 | 0.5.2 |
| oracle | coherence | >= 0 < 0.5.2 | 0.5.2 |