| tiêu đề | CodeGenieApp serverless-express <=4.17.1 Property Injection |
|---|
| Mô tả | The application's /users endpoint accepts arbitrary JSON in the filter query parameter and uses it to dynamically access object properties without validation. This allows authenticated attackers to enumerate database schema, inspect prototype chains, and perform reconnaissance against the application's data structures. While currently limited to information disclosure, this vulnerability provides attackers with valuable schema knowledge that can facilitate targeted attacks. |
|---|
| Nguồn | ⚠️ https://github.com/AnalogyC0de/public_exp/issues/19 |
|---|
| Người dùng | Ana10gy (UID 93358) |
|---|
| Đệ trình | 01/03/2026 00:27 (cách đây 2 các tháng) |
|---|
| Kiểm duyệt | 11/03/2026 17:51 (11 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 350474 [CodeGenieApp serverless-express đến 4.17.1 Users Endpoint utils/dynamodb.ts filter nâng cao đặc quyền] |
|---|
| điểm | 20 |
|---|