Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Some sync filters in PowerSync Service ignored using `config.edition: 3`
Vulnerability Description
PowerSync Service is the server-side component of the PowerSync sync engine. In version 1.20.0, when using new sync streams with config.edition: 3, certain subquery filters were ignored when determining which data to sync to users. Depending on the sync stream configuration, this could result in authenticated users syncing data that should have been restricted. Only queries that gate synchronization using subqueries without partitioning the result set are affected. This vulnerability is fixed in 1.20.1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
授权机制不恰当
Vulnerability Title
PowerSync Service 授权问题漏洞
Vulnerability Description
PowerSync Service是PowerSync开源的一个本地优先应用的同步引擎。 PowerSync Service 1.20.0版本存在授权问题漏洞,该漏洞源于使用新同步流时忽略某些子查询过滤器,可能导致经过身份验证的用户同步本应受限的数据。
CVSS Information
N/A
Vulnerability Type
N/A