CVE-2024-10953 Information

Description

An authenticated data.all user is able to perform mutating UPDATE operations on persisted Notification records in data.all for group notifications that their user is not a member of.

Reference

https://aws.amazon.com/security/security-bulletins/AWS-2024-013 https://github.com/data-dot-all/dataall/security/advisories/GHSA-x4j5-jm65-vp5j