Submit #769631: CodeGenieApp serverless-express <=4.17.1 Property Injection

Title: CodeGenieApp serverless-express <=4.17.1 Property Injection
Description: The application's /users endpoint accepts arbitrary JSON in the filter query parameter and uses it to dynamically access object properties without validation. This allows authenticated attackers to enumerate database schema, inspect prototype chains, and perform reconnaissance against the application's data structures. While currently limited to information disclosure, this vulnerability provides attackers with valuable schema knowledge that can facilitate targeted attacks.
Source: https://github.com/AnalogyC0de/public_exp/issues/19
User: Ana10gy (UID 93358)
Submission: 01/03/2026 00:27 (2 months ago)
Moderation: 11/03/2026 17:51 (11 days later)
Status: Accepted
VulDB entry: 350474 [CodeGenieApp serverless-express up to 4.17.1 Users Endpoint utils/dynamodb.ts filter privilege escalation]
Points: 20
