Critical severity9.8NVD Advisory· Published Jun 10, 2025· Updated Jun 17, 2026
CVE-2024-57190
CVE-2024-57190
Description
Erxes <1.6.1 is vulnerable to Incorrect Access Control. An attacker can bypass authentication by providing a "User" HTTP header that contains any user, allowing them to talk to any GraphQL endpoint.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
erxesnpm | < 1.6.1 | 1.6.1 |
Affected products
2Patches
Vulnerability mechanics
References
5- github.com/erxes/erxes/commit/4ed2ca797241d2ba0c9083feeadd9755c1310ce8nvdPatchWEB
- www.sonarsource.com/blog/micro-services-major-headaches-detecting-vulnerabilities-in-erxes-microservices/nvdExploitThird Party Advisory
- github.com/advisories/GHSA-7rhv-xm4q-wh42ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-57190ghsaADVISORY
- www.sonarsource.com/blog/micro-services-major-headaches-detecting-vulnerabilities-in-erxes-microservicesghsaWEB
News mentions
0No linked articles in our index yet.