The Strapi Protected Populate Plugin protects `get` endpoints from revealing too much information. Prior to version 1.3.4, users were able to bypass the field level security. Users who tried to populate something that they didn't have access to could populate those fields anyway. This issue has been patched in version 1.3.4. There are no known workarounds.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-11-20T17:09:49.274Z
Updated: 2023-11-20T17:09:49.274Z
Reserved: 2023-11-13T13:25:18.479Z
Link: CVE-2023-48218
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-11-20T17:15:13.543
Modified: 2023-11-29T20:52:27.770
Link: CVE-2023-48218
JSON object: View
Redhat Information
No data.
CWE