Common Weakness Enumeration

CWE-304

Allowed

Missing Critical Step in Authentication

Abstraction: Base · Status: Draft

The product implements an authentication technique, but it skips a step that weakens the technique.

60 vulnerabilities reference this CWE, most recent first.

GHSA-G3P7-F346-26M6

Vulnerability from github – Published: 2025-03-20 12:32 – Updated: 2025-03-20 12:32
VLAI
Details

An authentication bypass vulnerability exists in gaizhenbiao/ChuanhuChatGPT, as of commit 3856d4f, allowing any user to read and delete other users' chat history. The vulnerability arises because the username is provided via an HTTP request from the client side, rather than being read from a secure source like a cookie. This allows an attacker to pass another user's username to the get_model function, thereby gaining unauthorized access to that user's chat history.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-9216"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-304"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-20T10:15:47Z",
    "severity": "HIGH"
  },
  "details": "An authentication bypass vulnerability exists in gaizhenbiao/ChuanhuChatGPT, as of commit 3856d4f, allowing any user to read and delete other users\u0027 chat history. The vulnerability arises because the username is provided via an HTTP request from the client side, rather than being read from a secure source like a cookie. This allows an attacker to pass another user\u0027s username to the get_model function, thereby gaining unauthorized access to that user\u0027s chat history.",
  "id": "GHSA-g3p7-f346-26m6",
  "modified": "2025-03-20T12:32:50Z",
  "published": "2025-03-20T12:32:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9216"
    },
    {
      "type": "WEB",
      "url": "https://huntr.com/bounties/21e54c3f-e2d7-423b-9890-1f0cb99af4dd"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GX77-XGC2-4888

Vulnerability from github – Published: 2025-11-27 03:30 – Updated: 2025-12-01 20:51
VLAI
Summary
Ray's New Token Authentication is Disabled By Default
Details

Anyscale Ray 2.52.0 contains an insecure default configuration in which token-based authentication for Ray management interfaces (including the dashboard and Jobs API) is disabled unless explicitly enabled by setting RAY_AUTH_MODE=token. In the default unauthenticated state, a remote attacker with network access to these interfaces can submit jobs and execute arbitrary code on the Ray cluster. NOTE: The vendor plans to enable token authentication by default in a future release. They recommend enabling token authentication to protect your cluster from unauthorized access.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "ray"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "2.52.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-34351"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1188",
      "CWE-304"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-12-01T20:51:10Z",
    "nvd_published_at": "2025-11-27T03:15:58Z",
    "severity": "CRITICAL"
  },
  "details": "Anyscale Ray 2.52.0 contains an insecure default configuration in which token-based authentication for Ray management interfaces (including the dashboard and Jobs API) is disabled unless explicitly enabled by setting RAY_AUTH_MODE=token. In the default unauthenticated state, a remote attacker with network access to these interfaces can submit jobs and execute arbitrary code on the Ray cluster. NOTE: The vendor plans to enable token authentication by default in a future release. They recommend enabling token authentication to protect your cluster from unauthorized access.",
  "id": "GHSA-gx77-xgc2-4888",
  "modified": "2025-12-01T20:51:10Z",
  "published": "2025-11-27T03:30:26Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-w8vc-465m-jjw6"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-34351"
    },
    {
      "type": "WEB",
      "url": "https://docs.ray.io/en/latest/ray-security/token-auth.html"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ray-project/ray"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ray-project/ray/releases/tag/ray-2.52.0"
    },
    {
      "type": "WEB",
      "url": "https://www.cve.org/resourcessupport/allresources/cnarules#section_4-1_Vulnerability_Determination"
    },
    {
      "type": "WEB",
      "url": "https://www.linkedin.com/posts/jonathan-leitschuh_the-latest-piece-of-mind-bending-research-activity-7396976425997606912-qizE"
    },
    {
      "type": "WEB",
      "url": "https://www.oligo.security/blog/shadowray-2-0-attackers-turn-ai-against-itself-in-global-campaign-that-hijacks-ai-into-self-propagating-botnet"
    },
    {
      "type": "WEB",
      "url": "https://www.oligo.security/blog/shadowray-attack-ai-workloads-actively-exploited-in-the-wild"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/anyscale-ray-token-authentication-disabled-by-default-insecure-configuration"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Ray\u0027s New Token Authentication is Disabled By Default"
}

GHSA-M74W-GJ86-32Q9

Vulnerability from github – Published: 2025-03-20 12:32 – Updated: 2025-03-20 12:32
VLAI
Details

An IDOR (Insecure Direct Object Reference) vulnerability exists in transformeroptimus/superagi version v0.0.14. The application fails to properly check authorization for multiple API endpoints, allowing attackers to view, edit, and delete other users' information without proper authorization. Affected endpoints include but are not limited to /get/project/{project_id}, /get/schedule_data/{agent_id}, /delete/{agent_id}, /get/organisation/{organisation_id}, and /get/user/{user_id}.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-12048"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-304",
      "CWE-639"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-20T10:15:26Z",
    "severity": "HIGH"
  },
  "details": "An IDOR (Insecure Direct Object Reference) vulnerability exists in transformeroptimus/superagi version v0.0.14. The application fails to properly check authorization for multiple API endpoints, allowing attackers to view, edit, and delete other users\u0027 information without proper authorization. Affected endpoints include but are not limited to /get/project/{project_id}, /get/schedule_data/{agent_id}, /delete/{agent_id}, /get/organisation/{organisation_id}, and /get/user/{user_id}.",
  "id": "GHSA-m74w-gj86-32q9",
  "modified": "2025-03-20T12:32:42Z",
  "published": "2025-03-20T12:32:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12048"
    },
    {
      "type": "WEB",
      "url": "https://huntr.com/bounties/6def3e3a-c443-44bb-b20e-3e69b48f37dc"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MH3C-527F-CWQV

Vulnerability from github – Published: 2024-05-17 21:31 – Updated: 2024-08-29 21:31
VLAI
Details

The IEEE 802.11 standard sometimes enables an adversary to trick a victim into connecting to an unintended or untrusted network with Home WEP, Home WPA3 SAE-loop. Enterprise 802.1X/EAP, Mesh AMPE, or FILS, aka an "SSID Confusion" issue. This occurs because the SSID is not always used to derive the pairwise master key or session keys, and because there is not a protected exchange of an SSID during a 4-way handshake.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-52424"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-304"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-17T21:15:07Z",
    "severity": "HIGH"
  },
  "details": "The IEEE 802.11 standard sometimes enables an adversary to trick a victim into connecting to an unintended or untrusted network with Home WEP, Home WPA3 SAE-loop. Enterprise 802.1X/EAP, Mesh AMPE, or FILS, aka an \"SSID Confusion\" issue. This occurs because the SSID is not always used to derive the pairwise master key or session keys, and because there is not a protected exchange of an SSID during a 4-way handshake.",
  "id": "GHSA-mh3c-527f-cwqv",
  "modified": "2024-08-29T21:31:02Z",
  "published": "2024-05-17T21:31:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52424"
    },
    {
      "type": "WEB",
      "url": "https://mentor.ieee.org/802.11/dcn/24/11-24-0938-03-000m-protect-ssid-in-4-way-handshake.docx"
    },
    {
      "type": "WEB",
      "url": "https://www.top10vpn.com/assets/2024/05/Top10VPN-x-Vanhoef-SSID-Confusion.pdf"
    },
    {
      "type": "WEB",
      "url": "https://www.top10vpn.com/research/wifi-vulnerability-ssid"
    },
    {
      "type": "WEB",
      "url": "https://www.wi-fi.org/news-events/press-releases"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R4JV-CV98-6C79

Vulnerability from github – Published: 2024-03-13 18:31 – Updated: 2026-04-08 18:32
VLAI
Details

The Malware Scanner plugin and the Web Application Firewall plugin for WordPress (both by MiniOrange) are vulnerable to privilege escalation due to a missing capability check on the mo_wpns_init() function in all versions up to, and including, 4.7.2 (for Malware Scanner) and 2.1.1 (for Web Application Firewall). This makes it possible for unauthenticated attackers to escalate their privileges to that of an administrator.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-2172"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-304"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-13T16:15:32Z",
    "severity": "CRITICAL"
  },
  "details": "The Malware Scanner plugin and the Web Application Firewall plugin for WordPress (both by MiniOrange) are vulnerable to privilege escalation due to a missing capability check on the mo_wpns_init() function in all versions up to, and including, 4.7.2 (for Malware Scanner) and 2.1.1 (for Web Application Firewall). This makes it possible for unauthenticated attackers  to escalate their privileges to that of an administrator.",
  "id": "GHSA-r4jv-cv98-6c79",
  "modified": "2026-04-08T18:32:47Z",
  "published": "2024-03-13T18:31:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2172"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/miniorange-malware-protection/tags/4.7.2/handler/login.php#L89"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3054179%40miniorange-malware-protection\u0026new=3054179%40miniorange-malware-protection\u0026sfp_email=\u0026sfph_mail="
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3054255%40web-application-firewall\u0026new=3054255%40web-application-firewall\u0026sfp_email=\u0026sfph_mail="
    },
    {
      "type": "WEB",
      "url": "https://wordpress.org/plugins/miniorange-malware-protection"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6347f588-a3fd-4909-ad57-9d78787b5728?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R4W2-HJMR-36M7

Vulnerability from github – Published: 2023-12-30 00:30 – Updated: 2024-11-18 16:26
VLAI
Summary
Infinispan REST Server's cache retrieval endpoints do not properly evaluate the necessary admin permissions
Details

A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.infinispan:infinispan-server-rest"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "15.0.0.Dev01"
            },
            {
              "fixed": "15.0.0.Dev04"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.infinispan:infinispan-server-rest"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.0.18.Final"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-3629"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-304"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-09-16T17:19:37Z",
    "nvd_published_at": "2023-12-18T14:15:08Z",
    "severity": "HIGH"
  },
  "details": "A flaw was found in Infinispan\u0027s REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.",
  "id": "GHSA-r4w2-hjmr-36m7",
  "modified": "2024-11-18T16:26:34Z",
  "published": "2023-12-30T00:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3629"
    },
    {
      "type": "WEB",
      "url": "https://github.com/infinispan/infinispan/commit/11b3cb0f7ba68b73dd32f655ff3f3df842a0c6bd"
    },
    {
      "type": "WEB",
      "url": "https://github.com/infinispan/infinispan/commit/1e3cc542336d2f49743ab8176ed6f1175e034c59"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2023:5396"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2023-3629"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217926"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/infinispan/infinispan"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20240125-0004"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": " Infinispan REST Server\u0027s cache retrieval endpoints do not properly evaluate the necessary admin permissions"
}

GHSA-RP5M-XQ4P-5F64

Vulnerability from github – Published: 2023-07-06 21:15 – Updated: 2024-04-04 05:49
VLAI
Details

Palantir discovered a software bug in a recently released version of Foundry’s Lime2 service, one of the services backing the Ontology. The software bug has been fixed and the fix has been deployed to your hosted Foundry environment. The vulnerability allowed authenticated users within a Foundry organization to potentially bypass discretionary or mandatory access controls under certain circumstances.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-22833"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-304",
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-06T19:15:10Z",
    "severity": "MODERATE"
  },
  "details": "Palantir discovered a software bug in a recently released version of Foundry\u2019s Lime2 service, one of the services backing the Ontology. The software bug has been fixed and the fix has been deployed to your hosted Foundry environment. The vulnerability allowed authenticated users within a Foundry organization to potentially bypass discretionary or mandatory access controls under certain circumstances.",
  "id": "GHSA-rp5m-xq4p-5f64",
  "modified": "2024-04-04T05:49:07Z",
  "published": "2023-07-06T21:15:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22833"
    },
    {
      "type": "WEB",
      "url": "https://palantir.safebase.us/?tcuUid=7f1fd834-805d-4679-85d0-9d779fa064ae"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V468-QCJX-R72W

Vulnerability from github – Published: 2026-04-22 09:31 – Updated: 2026-04-29 20:52
VLAI
Summary
Apache HttpClient accepts SCRAM-SHA-256 authentication without proper mutual authentication verification
Details

Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.httpcomponents.client5:httpclient5"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.6-alpha1"
            },
            {
              "fixed": "5.6.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-40542"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-304"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-29T20:52:54Z",
    "nvd_published_at": "2026-04-22T08:16:12Z",
    "severity": "HIGH"
  },
  "details": "Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue.",
  "id": "GHSA-v468-qcjx-r72w",
  "modified": "2026-04-29T20:52:54Z",
  "published": "2026-04-22T09:31:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40542"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/httpcomponents-client/commit/726eac2323d370435d8afca1e0540aa099927f18"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/httpcomponents-client"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/tfmgv86xr0z1y096vs3z0y315t1v3o97"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/04/22/5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache HttpClient accepts SCRAM-SHA-256 authentication without proper mutual authentication verification"
}

GHSA-VP5V-7J7W-MJXH

Vulnerability from github – Published: 2024-11-08 18:30 – Updated: 2024-11-08 18:30
VLAI
Details

Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) a Missing Critical Step in Authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. This is a critical severity vulnerability so Dell recommends customers to upgrade at the earliest opportunity.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-45764"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-304"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-08T16:15:23Z",
    "severity": "CRITICAL"
  },
  "details": "Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) a Missing Critical Step in Authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. This is a critical severity vulnerability so Dell recommends customers to upgrade at the earliest opportunity.",
  "id": "GHSA-vp5v-7j7w-mjxh",
  "modified": "2024-11-08T18:30:50Z",
  "published": "2024-11-08T18:30:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45764"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000245655/dsa-2024-449-security-update-for-dell-enterprise-sonic-distribution-vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XJP5-5PH6-C66C

Vulnerability from github – Published: 2022-08-16 00:00 – Updated: 2022-08-17 00:00
VLAI
Details

Missing Critical Step in Authentication in GitHub repository namelessmc/nameless prior to v2.0.2.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-2821"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-304"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-15T11:21:00Z",
    "severity": "HIGH"
  },
  "details": "Missing Critical Step in Authentication in GitHub repository namelessmc/nameless prior to v2.0.2.",
  "id": "GHSA-xjp5-5ph6-c66c",
  "modified": "2022-08-17T00:00:23Z",
  "published": "2022-08-16T00:00:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2821"
    },
    {
      "type": "WEB",
      "url": "https://github.com/namelessmc/nameless/commit/98fe4b7fce5509e49e71f1357118db887b8b88e0"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/c216db15-fe2f-42a7-852a-6c47498cf069"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.