PT-2023-22998 · Pyload · Pyload

Author: Cpaczek
Published: 2023-04-26
Updated: 2023-05-05
CVE: CVE-2023-30843
CVSS v3.1: 7.4 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Payload versions prior to 1.7.0

Description: The issue allows a user who has read access to documents containing hidden fields to recover those hidden field values by brute force. Although hidden fields are not returned in responses, a client can still filter on them through where queries, so repeated queries of the form "does any document have hidden field X equal to Y?" leak the value one guess at a time.

Recommendations: For versions prior to 1.7.0, update to version 1.7.0 to resolve the issue. As a temporary workaround for versions prior to 1.7.0, consider writing a beforeOperation hook that removes where-query conditions targeting hidden field data. Monitor your instance for brute-force-style requests that use where queries, to detect a potential compromise.
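The following is an added example of the workaround described above; it is not code from the advisory or from the Payload project. It assumes the Payload-style beforeOperation hook contract (the hook receives `{ args, operation }` and returns `args`), that the collection's hidden fields are the constructed names `apiKey` and `resetToken`, and that where queries use the `and`/`or` grouping keys. The hook rewrites the query so conditions on hidden fields are dropped before the operation runs, and logs each drop so bursts of such requests can be picked up by monitoring.

```javascript
// Added example (not Payload's own code): strip where-query conditions that
// target hidden fields, and log them as a brute-force signal.

// Assumption: these are the field names declared with `hidden: true` in the
// collection config. Constructed sample names for this example.
const HIDDEN_FIELDS = ['apiKey', 'resetToken'];

// Returns true when a where-clause key refers to a hidden field, either
// directly ("apiKey") or as the root of a dotted path ("apiKey.sub").
function isHiddenKey(key, hidden) {
  return hidden.includes(key) || hidden.includes(key.split('.')[0]);
}

/**
 * Recursively rebuild a where clause without conditions on hidden fields.
 * `and` / `or` groups are filtered member by member; groups that end up
 * empty are removed entirely. Every dropped field name is pushed onto
 * `stripped` so the caller can log it.
 */
function stripHiddenFields(where, hidden, stripped) {
  if (!where || typeof where !== 'object' || Array.isArray(where)) return where;
  const out = {};
  for (const [key, value] of Object.entries(where)) {
    if (key === 'and' || key === 'or') {
      const kept = (Array.isArray(value) ? value : [])
        .map((sub) => stripHiddenFields(sub, hidden, stripped))
        .filter((sub) => sub && typeof sub === 'object' && Object.keys(sub).length > 0);
      if (kept.length > 0) out[key] = kept;
    } else if (isHiddenKey(key, hidden)) {
      // This is the leak path: a filter on a hidden field turns the API into
      // a yes/no oracle for that field's value. Drop the condition.
      stripped.push(key);
    } else {
      out[key] = value;
    }
  }
  return out;
}

// beforeOperation hook (assumed contract: receives { args, operation },
// returns the possibly modified args). Register it on the collection as
// hooks.beforeOperation = [beforeOperation].
function beforeOperation({ args, operation }) {
  if (!args || !args.where) return args;
  const stripped = [];
  const where = stripHiddenFields(args.where, HIDDEN_FIELDS, stripped);
  if (stripped.length > 0) {
    // Log rather than reject: the remaining conditions still run, and a burst
    // of these entries is the brute-force pattern the advisory says to watch for.
    console.warn(
      `[hidden-field-filter] ${operation}: dropped ${stripped.length} condition(s) on ${stripped.join(', ')}`
    );
  }
  return { ...args, where };
}

// Constructed sample request: a public filter combined with a guess at the
// hidden apiKey value.
const sampleArgs = {
  where: {
    or: [
      { title: { equals: 'public post' } },
      { apiKey: { like: 'sk_live_a' } },
    ],
  },
};

module.exports = { HIDDEN_FIELDS, isHiddenKey, stripHiddenFields, beforeOperation, sampleArgs };
```

Applying the hook to `sampleArgs` leaves only the `title` condition in the `or` group. A query whose groups contain nothing but hidden-field conditions collapses to an empty `where`, which matches every document the requester is already allowed to read, so nothing about the hidden values is revealed.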

Category: Information Disclosure

Weakness Enumeration

Related Identifiers: CVE-2023-30843, GHSA-35JJ-VQCF-F2JF

Affected Products: Pyload