CVE-2023-1542: fix(admin): add restriction about admin modify their status · answerdev/answer@4ca2429

Business Logic Errors in GitHub repository answerdev/answer prior to 1.0.6.


@@ -2,10 +2,9 @@ package schema
// UpdateUserStatusReq update user request type UpdateUserStatusReq struct { // user id UserID string `validate:"required" json:"user_id"` // user status Status string `validate:"required,oneof=normal suspended deleted inactive" json:"status" enums:"normal,suspended,deleted,inactive"` UserID string `validate:"required" json:"user_id"` Status string `validate:"required,oneof=normal suspended deleted inactive" json:"status" enums:"normal,suspended,deleted,inactive"` LoginUserID string `json:"-"` }
const (
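Review bot: The new LoginUserID field in UpdateUserStatusReq carries `json:"-"` and no `validate` tag, so nothing in this struct guarantees it is populated before the request is processed. If a caller leaves it empty, a comparison against UserID can never match and the restriction on admins modifying their own status (per the commit title) would not trigger. Add a field comment stating that LoginUserID is set server-side from the authenticated session, and have the code that consumes this request reject an empty value. The hunk also drops the `// user id` and `// user status` comments on the existing fields; consider keeping them so every field in the struct stays documented.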

Related news

GHSA-r95w-7cpx-h5mx: Answer vulnerable to Business Logic Errors
