Laravel Nova · Nova-Toggle · CVE-2026-42202
**Name of the Vulnerable Software and Affected Versions**
nova-toggle-5 versions prior to 1.3.0
**Description**
The toggle endpoint "POST /nova-vendor/nova-toggle/toggle/{resource}/{resourceId}" was protected only by the web and auth:<guard> middleware. This allowed any user authenticated on the configured guard, including users without access to Nova, to flip boolean attributes on any Nova resource. Additionally, the endpoint accepted an arbitrary `attribute` parameter, enabling callers to toggle any boolean column on the underlying model regardless of whether it was exposed as a Toggle field on the resource.
**Recommendations**
Update to version 1.3.0.
As a temporary workaround, remove the package or restrict access to the "/nova-vendor/nova-toggle/toggle/*" routes using additional middleware that enforces the `viewNova` gate.
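
One way to apply the temporary workaround above, as an added example that is not code from the package or from this advisory: a middleware that rejects requests to the toggle routes unless the caller passes the `viewNova` gate. The class name `RestrictNovaToggle` is hypothetical, and the example assumes the package authenticates on the guard set in `nova.guard`.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Gate;
use Symfony\Component\HttpFoundation\Response;

/**
 * Added example (hypothetical class name): temporary restriction for the
 * nova-toggle routes until the package is updated to 1.3.0.
 */
class RestrictNovaToggle
{
    public function handle(Request $request, Closure $next): Response
    {
        // Only act on the package's toggle routes; everything else passes through.
        if (! $request->is('nova-vendor/nova-toggle/toggle/*')) {
            return $next($request);
        }

        // Assumption: the package authenticates on Nova's guard (config key
        // nova.guard). A null value falls back to the application's default guard.
        $user = Auth::guard(config('nova.guard'))->user();

        // Fail closed: reject unauthenticated callers and anyone who does not
        // pass the viewNova gate, which also denies if the gate is undefined.
        if ($user === null || Gate::forUser($user)->denies('viewNova')) {
            abort(403);
        }

        return $next($request);
    }
}
```

Register it at the end of the `web` middleware group so the session is started before the guard is resolved. It narrows who can reach the endpoint but does not validate the `attribute` parameter.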