Firepad through 1.5.11 allows remote attackers, who have knowledge of a pad ID, to retrieve both the current text of a document and all content that has previously been pasted into the document. NOTE: in several similar products, this is the intentional behavior for anyone who knows the full document ID and corresponding URL. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
{ "nvd_published_at": "2024-12-04T21:15:24Z", "cwe_ids": [ "CWE-125", "CWE-200" ], "severity": "LOW", "github_reviewed": true, "github_reviewed_at": "2024-12-04T22:37:05Z" }