Vulnerability	Vulnerable Version
C Access Control Bypass @kottster/cli is a CLI for Kottster Affected versions of this package are vulnerable to Access Control Bypass via the `initApp` and `installPackagesForDataSource` actions. An attacker can gain unauthorized administrative access and execute arbitrary system commands by repeatedly triggering application reinitialization to create a new root account, obtaining a JWT token, and leveraging unescaped command arguments. Note: This is only exploitable if the application is running in development mode and accessible to the attacker. How to fix Access Control Bypass? Upgrade `@kottster/cli` to version 3.3.2 or higher.	>=3.2.0 <3.3.2

Access Control Bypass

@kottster/cli is a CLI for Kottster

Affected versions of this package are vulnerable to Access Control Bypass via the initApp and installPackagesForDataSource actions. An attacker can gain unauthorized administrative access and execute arbitrary system commands by repeatedly triggering application reinitialization to create a new root account, obtaining a JWT token, and leveraging unescaped command arguments.

Note:

This is only exploitable if the application is running in development mode and accessible to the attacker.

How to fix Access Control Bypass?

Upgrade @kottster/cli to version 3.3.2 or higher.

>=3.2.0 <3.3.2

Go back to all versions of this package