Packagist (Composer) package
almirhodzic/nova-toggle-5
pkg:composer/almirhodzic/nova-toggle-5
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-42202 | Med | 6.5 | < 1.3.0 | 1.3.0 | May 8, 2026 | nova-toggle-5 enables fliping booleans in the index. Prior to version 1.3.0, the toggle endpoint (POST/nova-vendor/nova-toggle/toggle/{resource}/{resourceId}) was protected only by web + auth: middleware. Any user authenticated on the configured guard could call the endpoi |
- affected < 1.3.0fixed 1.3.0
nova-toggle-5 enables fliping booleans in the index. Prior to version 1.3.0, the toggle endpoint (POST/nova-vendor/nova-toggle/toggle/{resource}/{resourceId}) was protected only by web + auth: middleware. Any user authenticated on the configured guard could call the endpoi