Vulnerability	Vulnerable Version
M Authorization Bypass Through User-Controlled Key @withstudiocms/effect is an Effect-TS Utilities for Astro Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the `getUsers` process. An attacker can access sensitive owner account information, such as IDs, usernames, display names, and email addresses, by supplying a crafted `rank` query parameter while authenticated as an admin. This allows bypassing intended authorization boundaries and retrieving privileged user data. How to fix Authorization Bypass Through User-Controlled Key? Upgrade `@withstudiocms/effect` to version 0.4.1 or higher.	<0.4.1
M Authorization Bypass Through User-Controlled Key @withstudiocms/effect is an Effect-TS Utilities for Astro Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the `create-reset-link` process. An attacker can gain unauthorized access to higher-privileged accounts by generating a password reset token for any user, including those with greater privileges, and then resetting their password using the token. How to fix Authorization Bypass Through User-Controlled Key? Upgrade `@withstudiocms/effect` to version 0.4.1 or higher.	<0.4.1

Authorization Bypass Through User-Controlled Key

@withstudiocms/effect is an Effect-TS Utilities for Astro

Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the getUsers process. An attacker can access sensitive owner account information, such as IDs, usernames, display names, and email addresses, by supplying a crafted rank query parameter while authenticated as an admin. This allows bypassing intended authorization boundaries and retrieving privileged user data.

How to fix Authorization Bypass Through User-Controlled Key?

Upgrade @withstudiocms/effect to version 0.4.1 or higher.

<0.4.1

Authorization Bypass Through User-Controlled Key

@withstudiocms/effect is an Effect-TS Utilities for Astro

Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the create-reset-link process. An attacker can gain unauthorized access to higher-privileged accounts by generating a password reset token for any user, including those with greater privileges, and then resetting their password using the token.

How to fix Authorization Bypass Through User-Controlled Key?

Upgrade @withstudiocms/effect to version 0.4.1 or higher.

<0.4.1

Go back to all versions of this package