Page Contents

The following pages are tagged with

TitleExcerpt
Security advisory 01-31-2018 Security risk: Medium (CVSS: 4.3) Vulnerability: Prevent unauthorized alteration of records on same table Description In a Many-to-Many relationship, it was possible for an authenticated user to edit the foreign keys of records to transfer ownership. Example: A Physician has many appointments with many patients. Physician 1 can create...
Security advisory 03-10-2017 Security risk: Medium-high Vulnerability: loopback-component-storage to directory traversal attack Description A security leak exposing loopback-component-storage to directory traversal attack. The component was exposed to a vulnerability where an attacker could use a command to retrieve the content of the server.js file of a LoopBack application and...
Security advisory 09-21-2017 Security risk: Medium Vulnerability: Remote Memory Exposure Description Remote memory exposure in [email protected] Nano was using package follow that has 2 packages with reported node security vulnerability. Packages are: [email protected] [email protected] Our module loopback-connector-couchdb2 use the affected versions. Also, loopback-connector-cloudant use couchdb2...
Security advisory 10-24-2017 Security risk: Medium Vulnerability: Multi-user password reset exploit Description When multiple User models were deployed it was possible for a resetToken for UserA to be used to reset the password for UserB or vice-versa. See issue for more details. Reported by GitHub user