Mass Assignment
Objects in modern applications have many properties, but not all the properties should be accessed or updated directly by a client. A mass assignment flaw exists when an API endpoint automatically converts client parameters into internal object properties without considering the sensitivity of the properties.
Look for:
- Endpoints that accept whole objects instead of direct, individually named parameters.
- Code that relies on language frameworks to assign property values from parameters and request bodies.
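The pattern described above, next to a corrected version, as an added example that is not taken from any particular framework or project. The `User` model, its field names, the `CLIENT_WRITABLE` allow-list and the request body are all hypothetical and constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass, asdict

@dataclass
class User:
    # Hypothetical internal model; is_admin and credit are sensitive.
    username: str
    email: str
    is_admin: bool = False
    credit: int = 0

# Assumed policy: the only field a client may change on this endpoint.
CLIENT_WRITABLE = frozenset({"email"})

def update_profile_vulnerable(user: User, body: dict) -> User:
    """Binds every matching key in the request body onto the object."""
    for key, value in body.items():
        if hasattr(user, key):
            setattr(user, key, value)  # no check on property sensitivity
    return user

def update_profile_hardened(user: User, body: dict) -> tuple[User, list[str]]:
    """Copies only allow-listed fields; returns the rejected keys for logging."""
    rejected = sorted(k for k in body if k not in CLIENT_WRITABLE)
    for key in CLIENT_WRITABLE:
        if key in body:
            setattr(user, key, body[key])
    return user, rejected

# Constructed request body: one legitimate change plus two properties
# the client should never control.
SAMPLE_BODY = {"email": "new@example.test", "is_admin": True, "credit": 9999}

def demo() -> dict:
    weak = update_profile_vulnerable(
        User("alice", "old@example.test"), dict(SAMPLE_BODY))
    strong, rejected = update_profile_hardened(
        User("alice", "old@example.test"), dict(SAMPLE_BODY))
    return {"vulnerable": asdict(weak),
            "hardened": asdict(strong),
            "rejected": rejected}

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The rejected-key list is worth logging: unexpected property names in a request body are a useful signal when reviewing API traffic.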