Vulnerability	Vulnerable Version
H Access Control Bypass reflex is a Web apps in pure Python. Affected versions of this package are vulnerable to Access Control Bypass through the event handling mechanism. An attacker can impersonate other users or gain unauthorized administrative access by manipulating state fields that are not intended to be client-accessible. How to fix Access Control Bypass? Upgrade `reflex` to version 0.4.9.post1, 0.5.10.post1, 0.6.8.post1, 0.7.1.post1, 0.7.2.post1, 0.7.3.post1, 0.7.4.post1, 0.7.5.post1, 0.7.6.post1, 0.7.7.post1, 0.7.8.post1, 0.7.9.post1, 0.7.10.post1, 0.7.11 or higher.	[0.2.7,0.4.9.post1)[0.5.0a1,0.5.10.post1)[0.6.0a1,0.6.8.post1)[0.7.0a1,0.7.1.post1)[0.7.2.dev1,0.7.2.post1)[0.7.3a1,0.7.3.post1)[0.7.4a0,0.7.4.post1)[0.7.5a1,0.7.5.post1)[0.7.6a0,0.7.6.post1)[0.7.7a1,0.7.7.post1)[0.7.8a1,0.7.8.post1)[0.7.9a1,0.7.9.post1)[0.7.10a1,0.7.10.post1)[0.7.11a1,0.7.11)

Access Control Bypass

reflex is a Web apps in pure Python.

Affected versions of this package are vulnerable to Access Control Bypass through the event handling mechanism. An attacker can impersonate other users or gain unauthorized administrative access by manipulating state fields that are not intended to be client-accessible.

How to fix Access Control Bypass?

Upgrade reflex to version 0.4.9.post1, 0.5.10.post1, 0.6.8.post1, 0.7.1.post1, 0.7.2.post1, 0.7.3.post1, 0.7.4.post1, 0.7.5.post1, 0.7.6.post1, 0.7.7.post1, 0.7.8.post1, 0.7.9.post1, 0.7.10.post1, 0.7.11 or higher.

[0.2.7,0.4.9.post1)[0.5.0a1,0.5.10.post1)[0.6.0a1,0.6.8.post1)[0.7.0a1,0.7.1.post1)[0.7.2.dev1,0.7.2.post1)[0.7.3a1,0.7.3.post1)[0.7.4a0,0.7.4.post1)[0.7.5a1,0.7.5.post1)[0.7.6a0,0.7.6.post1)[0.7.7a1,0.7.7.post1)[0.7.8a1,0.7.8.post1)[0.7.9a1,0.7.9.post1)[0.7.10a1,0.7.10.post1)[0.7.11a1,0.7.11)

Go back to all versions of this package