Mass Assignment

Objects in modern applications have many properties, but not all of them should be accessed or updated directly by a client. A mass assignment flaw exists when an API endpoint automatically converts client parameters into internal object properties without considering the sensitivity of those properties. Look for:

  • Using objects instead of direct parameters in the API endpoints.
  • Relying on language frameworks to assign property values taken from parameters and request bodies.
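
The flaw described above, next to an allow-list fix, as an added example that is not part of the original page. The Account model, its property names, and the sample request body are constructed for illustration.

```python
from dataclasses import dataclass

# Hypothetical model: "role" and "credit" are internal properties
# that a client must never set directly.
@dataclass
class Account:
    display_name: str
    email: str
    role: str = "user"
    credit: int = 0

def update_unsafe(account: Account, body: dict) -> Account:
    """Flawed pattern: every client-supplied key becomes a property write."""
    for key, value in body.items():
        if hasattr(account, key):
            setattr(account, key, value)
    return account

# Explicit allow-list of client-writable properties and their expected types.
CLIENT_WRITABLE = {"display_name": str, "email": str}

def update_safe(account: Account, body: dict) -> Account:
    """Bind only allow-listed properties; reject the whole request otherwise."""
    unexpected = sorted(set(body) - set(CLIENT_WRITABLE))
    if unexpected:
        raise ValueError(f"non-writable properties in request: {unexpected}")
    # Validate every value before writing anything, so a rejected
    # request never leaves the object partially updated.
    for key, value in body.items():
        if not isinstance(value, CLIENT_WRITABLE[key]):
            raise ValueError(f"wrong type for {key}")
    for key, value in body.items():
        setattr(account, key, value)
    return account

# Constructed request body: a profile update carrying two extra properties.
SAMPLE_BODY = {"display_name": "Sam", "role": "admin", "credit": 9999}

if __name__ == "__main__":
    print(update_unsafe(Account("sam", "sam@example.test"), dict(SAMPLE_BODY)))
    try:
        update_safe(Account("sam", "sam@example.test"), dict(SAMPLE_BODY))
    except ValueError as exc:
        print("rejected:", exc)
```

Rejecting unexpected properties, rather than silently dropping them, also gives the API a log-worthy signal that a client sent fields it should not know about.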