Griffinmb

**Name of the Vulnerable Software and Affected Versions** Steve Pallen Coherence versions prior to 0.5.2 **Description** An issue similar to a Mass Assignment vulnerability was discovered, affecting "registration" endpoints such as creating, editing, and updating. This allows users to update any coherence fields data. For instance, users can automatically confirm their accounts by sending the `confirmed at` parameter with their registration request to the "registration" endpoint. **Recommendations** For versions prior to 0.5.2, update to version 0.5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the `confirmed at` parameter in registration requests until the update is applied.