Moderate severityNVD Advisory· Published Dec 20, 2018· Updated Aug 5, 2024
CVE-2018-20301
CVE-2018-20301
Description
An issue was discovered in Steve Pallen Coherence before 0.5.2 that is similar to a Mass Assignment vulnerability. In particular, "registration" endpoints (e.g., creating, editing, updating) allow users to update any coherence_fields data. For example, users can automatically confirm their accounts by sending the confirmed_at parameter with their registration request.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
coherenceHex | < 0.5.2 | 0.5.2 |
Affected products
1Patches
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- github.com/advisories/GHSA-mrq8-53r4-3j5mghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-20301ghsaADVISORY
- github.com/smpallen99/coherence/issues/270ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.