Closed loctv closed 3 years ago
Do you have a proof of the assertion made above? If you can proof a possible attack, pull request will be appreciated from you instead of misleading the community about false claim.
Pending that time I am closing this issue.
Thanks
Addon restful has an crritical issue:
Attacker can make a privilege escalation attack by put anything with sudo() to update res.users, res.groups