search

go-aah / aah

A secure, flexible, rapid Go web framework
https://aahframework.org
MIT License
690 stars 33 forks source link

Vulnerability #266

Closed snyff closed 4 years ago

snyff commented 4 years ago

What version of aah are you using (aah --version)?

aah v0.12.3 cli v0.13.4 go v1.13.8

Does this issue reproduce with the latest release?

I believe so

What operating system are you using (such as macOS, Linux and Windows)?

Linux

What did you do?

I found a way to get access to data I shouldn't get access to.

What did you expect to see?

An error message

What did you see instead?

Data I shouldn't get access

Additional context

Hi,

I found a vulnerability in your framework, let me know what is the best way to handle this.

Best, Louis

jeevatkm commented 4 years ago

@snyff Thank you for reaching out, appreciated. Can you please send details to security@aahframework.org?

snyff commented 4 years ago

Sent!

jeevatkm commented 4 years ago

Thank you @snyff, I will check it.

jeevatkm commented 4 years ago

@snyff Issue has been addressed and made a release.