CVE-2018-20301

Name of the Vulnerable Software and Affected Versions Steve Pallen Coherence versions prior to 0.5.2

Description An issue similar to a Mass Assignment vulnerability was discovered, affecting "registration" endpoints such as creating, editing, and updating. This allows users to update any coherence fields data. For instance, users can automatically confirm their accounts by sending the confirmed at parameter with their registration request to the "registration" endpoint.

Recommendations For versions prior to 0.5.2, update to version 0.5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the confirmed at parameter in registration requests until the update is applied.