2025-09-07 16:01:01
EEF
PUBLISHED
Incorrect Authorization vulnerability in ash-project ash allows Exploiting Incorrectly Configured Access Control Security Levels. This vulnerability is associated with program files lib/ash/actions/create/bulk.ex, lib/ash/actions/destroy/bulk.ex, lib/ash/actions/update/bulk.ex and program routines Elixir.Ash.Actions.Create.Bulk:run/5, Elixir.Ash.Actions.Destroy.Bulk:run/6, Elixir.Ash.Actions.Update.Bulk:run/6. This issue affects ash: from pkg:hex/ash before pkg:hex/ash@3.5.39, before 3.5.39, before 5d1b6a5d00771fd468a509778637527b5218be9a.