In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsLearn about Missing Authorization vulnerabilities in an interactive lesson.
Start learningUpgrade @grackle-ai/plugin-core to version 0.132.2 or higher.
@grackle-ai/plugin-core is a Core plugin for Grackle — gRPC handlers, reconciliation phases, and event subscribers
Affected versions of this package are vulnerable to Missing Authorization due to inconsistent enforcement of authorization checks in the tool layer. An attacker can gain unauthorized access to perform cross-task and cross-session operations, such as updating, deleting, or resuming tasks and sessions belonging to other users, as well as reading data across all workspaces, by supplying arbitrary task or session identifiers and leveraging insufficient session revocation mechanisms.