Incorrect Access Control in Dancer::Plugin::SimpleCRUD 1.14 and earlier: Potential for Unauthorized Data Access

Incorrect Access Control in Dancer::Plugin::SimpleCRUD 1.14 and earlier: Potential for Unauthorized Data Access

CVE-2019-1010084 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

Dancer::Plugin::SimpleCRUD 1.14 and earlier is affected by: Incorrect Access Control. The impact is: Potential for unathorised access to data. The component is: Incorrect calls to _ensure_auth() wrapper result in authentication-checking not being applied to al routes.

Learn more about our Web Application Penetration Testing UK.