VDB
KO
MEDIUM 6.5

PYSEC-2026-767

Access control issue in AlekSIS-Core

Details

An access control issue in aleksis/core/util/auth_helpers.py: ClientProtectedResourceMixin of AlekSIS-Core v2.8.1 and below allows attackers to access arbitrary scopes if no allowed scopes are specifically set.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / aleksis-core
Introduced in: 0 Fixed in: 2.9
Fix pip install --upgrade 'aleksis-core>=2.9'

References