Advisories for Npm/Formio package

2025

Formio improperly authorized permission elevation through specially crafted request path

Security Advisory: Unauthorized permission elevation through specially crafted request path

Summary: A flaw in path handling could allow an attacker to access protected API endpoints by sending a crafted request path. This issue could result in unauthorized data disclosure under certain configurations.

Impact: In affected configurations, an unauthenticated or unauthorized request could retrieve data from endpoints that should be protected.

Affected versions: <= 3.5.6, <= 4.4.2

Fixed in: 3.5.7, 4.4.3 …

2022