| Title | CodeGenieApp serverless-express <=4.17.1 Property Injection |
|---|---|
| Description | The application's /users endpoint accepts arbitrary JSON in the filter query parameter and uses it to dynamically access object properties without validation. This allows authenticated attackers to enumerate database schema, inspect prototype chains, and perform reconnaissance against the application's data structures. While currently limited to information disclosure, this vulnerability provides attackers with valuable schema knowledge that can facilitate targeted attacks. |
| Source | ⚠️ https://github.com/AnalogyC0de/public_exp/issues/19 |
| User | Ana10gy (UID 93358) |
| Submission | 01/03/2026 12:27 AM (2 months ago) |
| Moderation | 11/03/2026 05:51 PM (11 days later) |
| Status | Approved |
| VulDB entry | 350474 [CodeGenieApp serverless-express up to 4.17.1 Users Endpoint utils/dynamodb.ts filter privilege escalation] |
| Points | 20 |