rgzr
commented
6 years ago Fixed in https://github.com/jaracil/nexus/commit/ce27347b07fec6adf8e0f06e3f5a233196d08e09 correctly restricting rethinkDB queries to allowed paths.
Closed rgzr closed 6 years ago
rgzr
commented
6 years ago Fixed in https://github.com/jaracil/nexus/commit/ce27347b07fec6adf8e0f06e3f5a233196d08e09 correctly restricting rethinkDB queries to allowed paths.
When an user has permissions over
prefix.aand does a*.liston that prefix, he receives objects starting withprefix.abtoo... although he doesn't have permissions on those prefixes.