loopback is an Open Source Framework for Node.js.
Affected versions of the package are vulnerable to Authentication Bypass. It allowes users to change Admin's password by using their regular access token in case they have the same id and the same password.
loopback to version 3.16.2 or higher.
Do your applications use this vulnerable package?
- Snyk ID
- 26 Oct, 2017
- 06 Mar, 2018