Emmatown

**Name of the Vulnerable Software and Affected Versions** Keystone versions prior to 6.5.0 **Description** Keystone, a content management system for Node.js, has an issue where `{field}.isFilterable` access control can be bypassed in `update` and `delete` mutations by adding additional unique filters. These filters can be used to probe the existence or value of otherwise unreadable fields. This affects projects relying on the default or dynamic `isFilterable` behavior to prevent external users from using field filtering as a discovery mechanism. The issue is not completely enforced during `update` and `delete` mutations when accepting more than one unique `where` values in filters. **Recommendations** For versions prior to 6.5.0, to mitigate this issue, set `isFilterable: false` statically for relevant fields to prevent filtering by them earlier in the access control pipeline. Alternatively, set `{field}.graphql.omit.read: true` for relevant fields, which implicitly removes filtering by these fields from the GraphQL schema. Additionally, consider denying `update` and `delete` operations for the relevant lists completely.