The following pages are tagged with
Title | Excerpt |
---|---|
Security advisory 01-31-2018 | Security risk: Medium (CVSS: 4.3). Vulnerability: Prevent unauthorized alteration of records on same table. Description: In a Many-to-Many relationship, it was possible for an authenticated user to edit the foreign keys of records to transfer ownership. Example: A Physician has many appointments with many patients. Physician 1 can create... |
Security advisory 03-10-2017 | Security risk: Medium-high. Vulnerability: loopback-component-storage to directory traversal attack. Description: A security leak exposing loopback-component-storage to directory traversal attack. The component was exposed to a vulnerability where an attacker could use a command to retrieve the content of the server.js file of a... |
Security advisory 08-08-2018 | Security risk: High (CVSS: 7.7). Vulnerability: AccessToken API (if exposed) allows anyone to create a Token. Description: LoopBack provides a built-in User management / authentication and authorization solution. As part of this solution, a User must have an AccessToken to authenticate themselves against APIs requiring... |
Security advisory 08-15-2018 | Security risk: High (CVSS: 7.1). Vulnerability: loopback-connector-mongodb allows NoSQL Injections. Description: MongoDB Connector for LoopBack fails to properly sanitize a filter passed to query the database by allowing the dangerous `$where` property to be passed to the MongoDB Driver. The Driver allows the special |