Incorrect Access Control in GraphQL Delete Mutations of API Platform by API Platform
CVE-2019-1000011
6.5 MEDIUM
What is CVE-2019-1000011?
API Platform versions 2.2.0 to 2.3.5 contain an Incorrect Access Control vulnerability in the GraphQL delete mutations. An authorized user who should only be able to delete specific resources can instead delete any resource within the platform, which could lead to unauthorized data manipulation and loss. The issue has been addressed in version 2.3.6, so affected installations should update to that release.
