Remult · Remult · CVE-2023-35167
**Name of the Vulnerable Software and Affected Versions**
Remult versions prior to 0.20.6
**Description**
The issue allows an attacker who knows the `id` of an entity instance they are not authorized to access to gain read, update, and delete access to it. This occurs when the `apiPrefilter` option of the `@Entity` decorator is set to a function that returns a filter intended to prevent unauthorized access to data.
**Recommendations**
For versions prior to 0.20.6, set the `apiPrefilter` option to a filter object instead of a function as a workaround.
Update to version 0.20.6 to fix the issue.
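
One way to check whether a code base is exposed, as an added example (not part of the advisory or of Remult): it flags `@Entity` options where `apiPrefilter` is written as an inline function, and reports them only when the installed Remult version is below 0.20.6. The file names, entity fields and the regex heuristic are assumptions made for illustration.

```typescript
// Added example: heuristic source audit for CVE-2023-35167. Not part of Remult.
type Finding = { file: string; line: number; text: string };
type SourceFile = { name: string; source: string };

// Fixed release named in the advisory, packed into one comparable number.
const pack = (maj: number, min: number, patch: number) => maj * 1e6 + min * 1e3 + patch;
const FIXED = pack(0, 20, 6);

// True when the installed version (as resolved in the lockfile) is lower than 0.20.6.
function isAffectedVersion(version: string): boolean {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(version.trim());
  if (!m) return true; // unparseable: fail closed and review by hand
  return pack(Number(m[1]), Number(m[2]), Number(m[3])) < FIXED;
}

// Matches apiPrefilter given as an inline function: arrow, async, `function`, or method shorthand.
// A bare identifier (apiPrefilter: someFn) is not flagged and needs manual review.
const FN_PREFILTER = /\bapiPrefilter\s*(\(|:\s*(async\b|function\b|\(|[A-Za-z_$][\w$]*\s*=>))/;

function scanSource(file: string, source: string): Finding[] {
  const findings: Finding[] = [];
  source.split(/\r?\n/).forEach((text, i) => {
    if (FN_PREFILTER.test(text)) findings.push({ file, line: i + 1, text: text.trim() });
  });
  return findings;
}

// Function-valued prefilters are reported only when the installed version is affected.
function audit(version: string, files: SourceFile[]): Finding[] {
  if (!isAffectedVersion(version)) return [];
  let all: Finding[] = [];
  files.forEach((f) => { all = all.concat(scanSource(f.name, f.source)); });
  return all;
}

// Constructed sample sources: one function-valued prefilter, one filter object (the workaround form).
const SAMPLE_FILES: SourceFile[] = [
  { name: "task.ts", source: [
    '@Entity<Task>("tasks", {',
    "  apiPrefilter: () => ({ ownerId: remult.user!.id }),",
    "})"].join("\n") },
  { name: "note.ts", source: [
    '@Entity<Note>("notes", {',
    "  apiPrefilter: { archived: false },",
    "})"].join("\n") },
];
console.log(audit("0.20.5", SAMPLE_FILES));
```

Each finding marks an entity to move to a filter object until the upgrade to 0.20.6 is done.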