A critical authorization bypass vulnerability exists in the `AuthorizeActionFilter` class of the DotVVM framework: the filter fails to perform any authorization checks, so attackers can bypass the intended access restrictions without any specific exploitation technique. All users who rely on `AuthorizeActionFilter` for security are affected. The patched versions are DotVVM 4.3.15, 4.2.11, and 5.0.0-preview09; `AuthorizeAttribute` can be used as a workaround.