dotnet · DotVVMCritical
DotVVM AuthorizeActionFilter broken, allows unauthorized access
The AuthorizeActionFilter class is broken and does nothing, allowing unauthorized access.
What changed
The AuthorizeActionFilter class is broken and does nothing, allowing unauthorized access. Fixed in versions 4.3.15, 4.2.11, and 5.0.0-preview09.
Who it affects
All users of the AuthorizeActionFilter class.
What to do today
Upgrade to a patched version or replace AuthorizeActionFilter with AuthorizeAttribute as a workaround.
The trail
Collected→
Audited→
Written→
Published
Source
GitHub Advisory · DotVVM