Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
@keystone-6/core vulnerable to field-level access-control bypass for multiselect field
Vulnerability Description
@keystone-6/core is a core package for Keystone 6, a content management system for Node.js. Starting with version 2.2.0 and prior to version 2.3.1, users who expected their `multiselect` fields to use the field-level access control - if configured - are vulnerable to their field-level access control not being used. List-level access control is not affected. Field-level access control for fields other than `multiselect` are not affected. Version 2.3.1 contains a fix for this issue. As a workaround, stop using the `multiselect` field.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
授权机制不恰当
Vulnerability Title
Keystone 授权问题漏洞
Vulnerability Description
Keystone是一款强大的CMS。用于帮助您比任何其他 Cms 或应用程序框架更快地构建和扩展。 Keystone 2.3.1之前版本存在授权问题漏洞,该漏洞源于使用字段级访问控制的用户很容易受到未使用其字段级访问控制的影响。
CVSS Information
N/A
Vulnerability Type
N/A