Unrated severityNVD Advisory· Published Nov 9, 2024· Updated Oct 14, 2025

data.all authenticated users can perform mutating update operations on persisted notification records

CVE-2024-10953

Description

An authenticated data.all user is able to perform mutating UPDATE operations on persisted Notification records in data.all for group notifications that their user is not a member of.

Affected products

data.all/data.allllm-fuzzy
amazon/data.allv5
Range: 1.0.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/data-dot-all/dataall/releases/tag/v2.6.1mitrepatch
aws.amazon.com/security/security-bulletins/AWS-2024-013mitrevendor-advisory
github.com/data-dot-all/dataall/security/advisories/GHSA-x4j5-jm65-vp5jmitrethird-party-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000