From the page excerpts (commit information and code changes), the key information about the vulnerability can be summarized as follows:

Vulnerability Type: The vulnerability appears to be an injection and filter bypass issue in the view filtering mechanism of the Budibase application.

Impact:

* Filter Key and Value Attacks: Filter fields and values could be manipulated to bypass the intended filtering logic. This is demonstrated in the test case where a payload is used within a filter value to attempt to execute code.
* Filter Condition Bypass: The former handling of filter conditions allowed undefined or unsafe conditions, which could lead to the execution of arbitrary code or unintended data access. A filter was used in a test case to verify this issue.

Fix Approach:

* The fix changes how filter conditions and expressions are evaluated, so that they use a safer string comparison and escaping mechanism instead of raw JavaScript evaluation. Potentially vulnerable JavaScript execution is replaced with sanitized filter condition mappings.
* The filtering logic now checks for valid conditions and throws errors for unknown or unsafe filter conditions to prevent misuse.
* The view paths and endpoints are updated to enforce stricter request validation and handling.

Affected Code Files:

* (tests for the view builder functionality)
* (utility functions used in view processing)
* , , (core view necessary filter logic)
* Multiple API endpoint files under the directory

This fix closes the security holes by escaping filter keys and values and by disallowing dangerous filter conditions, which reduces the attack surface and hardens the view filter mechanism against malicious inputs.
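The fix approach summarized above, as an added example that is not code from the Budibase commit: it assumes filters are compiled into JavaScript source for a view function, and every name in it (`CONDITIONS`, `literal`, `buildCondition`, `buildViewSource`, `runView`) is hypothetical. Conditions are resolved through an allowlist that throws on unknown tokens, and keys and values are emitted only as escaped literals.

```javascript
"use strict";
// Added illustration; every name here is hypothetical, not taken from Budibase.

// Allowlist: client-facing condition token -> operator emitted into the view.
const CONDITIONS = Object.freeze({
  EQUALS: "===", NOT_EQUALS: "!==", LT: "<", LTE: "<=", MT: ">", MTE: ">=",
});

// Emit a JS literal. JSON.stringify quotes and escapes the value; U+2028/U+2029
// are escaped too because pre-ES2019 engines treat them as line terminators.
function literal(v) {
  return JSON.stringify(v)
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029");
}

function buildCondition({ key, condition, value }) {
  // hasOwnProperty, not `in` or a bare lookup: "constructor" must not resolve.
  if (typeof condition !== "string" ||
      !Object.prototype.hasOwnProperty.call(CONDITIONS, condition)) {
    throw new Error("Unknown filter condition");
  }
  if (typeof key !== "string" || key.length === 0) {
    throw new Error("Filter key must be a non-empty string");
  }
  const scalar = typeof value === "string" || typeof value === "boolean" ||
    (typeof value === "number" && Number.isFinite(value));
  if (!scalar) throw new Error("Filter value must be a string, boolean or finite number");
  return `doc[${literal(key)}] ${CONDITIONS[condition]} ${literal(value)}`;
}

function buildViewSource(filters) {
  const expr = filters.map(buildCondition).join(" && ") || "true";
  return `function (doc) { return ${expr}; }`;
}

// Demo only: evaluate the generated source to show how it behaves on a document.
function runView(filters, doc) {
  return new Function(`return (${buildViewSource(filters)});`)()(doc);
}

// Constructed input: a value that tries to close the string and add a tautology.
const hostile = [{ key: "status", condition: "EQUALS", value: 'x" || "1" === "1' }];
console.log(buildViewSource(hostile));
console.log(runView(hostile, { status: "open" }));
```

The generated source keeps the whole value inside one string literal, so the filter matches only documents whose field equals that exact string.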