Vulnerability	Vulnerable Version
H Improper Restriction of Communication Channel to Intended Endpoints fastcrud is a FastCRUD is a Python package for FastAPI, offering robust async CRUD operations and flexible endpoint creation utilities. Affected versions of this package are vulnerable to Improper Restriction of Communication Channel to Intended Endpoints due to improper handling of the `exclude_fields` parameter in the `_create_modified_schema` function. The function fails to enforce immutability on the field-exclusion list, allowing callers or dependent code to mutate shared state and reintroduce sensitive fields such as passwords or API keys into generated schemas. An attacker can exploit this through cache poisoning or list-manipulation attacks to expose sensitive data that should have been excluded from API responses. How to fix Improper Restriction of Communication Channel to Intended Endpoints? Upgrade `fastcrud` to version 0.19.0 or higher.	[,0.19.0)

Improper Restriction of Communication Channel to Intended Endpoints

fastcrud is a FastCRUD is a Python package for FastAPI, offering robust async CRUD operations and flexible endpoint creation utilities.

Affected versions of this package are vulnerable to Improper Restriction of Communication Channel to Intended Endpoints due to improper handling of the exclude_fields parameter in the _create_modified_schema function. The function fails to enforce immutability on the field-exclusion list, allowing callers or dependent code to mutate shared state and reintroduce sensitive fields such as passwords or API keys into generated schemas. An attacker can exploit this through cache poisoning or list-manipulation attacks to expose sensitive data that should have been excluded from API responses.

How to fix Improper Restriction of Communication Channel to Intended Endpoints?

Upgrade fastcrud to version 0.19.0 or higher.

[,0.19.0)

Go back to all versions of this package