VYPR

npm package

@curveball/a12n-server

pkg:npm/%40curveball/a12n-server

Vulnerabilities (1)

  • CVE-2021-29452Apr 16, 2021
    affected >= 0.18.0, < 0.18.2fixed 0.18.2

    a12n-server is an npm package which aims to provide a simple authentication system. A new HAL-Form was added to allow editing users in version 0.18.0. This feature should only have been accessible to admins. Unfortunately, privileges were incorrectly checked allowing any logged i