Vulnerabilities > CVE-2019-1000011 - Unspecified vulnerability in Api-Platform Core

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

api-platform

NVD

Published: 2019-02-04

Updated: 2020-08-24

Summary

API Platform version from 2.2.0 to 2.3.5 contains an Incorrect Access Control vulnerability in GraphQL delete mutations that can result in a user authorized to delete a resource can delete any resource. This attack appears to be exploitable via the user must be authorized. This vulnerability appears to have been fixed in 2.3.6.

Vulnerable Configurations

Part	Description	Count
Application	Api-Platform API Platform Core 2.2.0 API Platform Core 2.2.1 API Platform Core 2.2.2 API Platform Core 2.2.3 API Platform Core 2.2.4 API Platform Core 2.2.5 API Platform Core 2.2.6 API Platform Core 2.2.7 API Platform Core 2.2.8 API Platform Core 2.2.9 API Platform Core 2.3.0 API Platform Core 2.3.1 API Platform Core 2.3.2 API Platform Core 2.3.3 API Platform Core 2.3.4 API Platform Core 2.3.5	16

Summary

Vulnerable Configurations

References