Perl Dancer · Dancer::Plugin::Simplecrud · CVE-2019-1010084
Name of the Vulnerable Software and Affected Versions:
Dancer::Plugin::SimpleCRUD versions 1.14 and earlier
Description:
The issue is related to Incorrect Access Control, which may lead to unauthorized access to data. This occurs due to incorrect calls to the ` ensure auth()` wrapper, resulting in authentication checks not being applied to all routes.
Recommendations:
For Dancer::Plugin::SimpleCRUD versions 1.14 and earlier, consider modifying the code to correctly apply the ` ensure auth()` wrapper to ensure authentication checks are applied to all routes. As a temporary workaround, review and manually enforce authentication checks for all routes until a proper fix is implemented.