Vulnerabilities

CVE-2021-35970

by Fred · 30/06/2021

Talk 4 in Coral before 4.12.1 allows remote attackers to discover e-mail addresses and other sensitive information via GraphQL because permission checks use an incorrect data type.

Date published : 2021-06-30

https://docs.coralproject.net/coral/api/graphql/#User

https://github.com/coralproject/talk/compare/v4.12.0…v4.12.1

Related

Tags: Cybersecurity Alert