1. Mass Assignment Vulnerability in Expensetracker Exposes createExpense Endpoint to Data Manipulation
A critical mass assignment vulnerability has been identified in the expensetracker application, specifically within the createExpense endpoint at ExpenseController.java:52. The flaw allows an attacker to inject additional request body fields—such as 'user' or 'id'—that the application does not explicitly expect, effect...
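The binding pattern described above, next to a hardened form, as an added example that is not the expensetracker project's code. The class, the `description` and `amount` fields, and the `bindUnsafe`/`bindSafe` helpers are hypothetical; the request body is modelled as an already-parsed JSON map so the block runs on a plain JDK.

```java
import java.math.BigDecimal;
import java.util.*;

public class MassAssignmentDemo {
    // Hypothetical entity; only 'user' and 'id' are named on the page, the rest is assumed.
    static class Expense {
        Long id; String user; String description; BigDecimal amount;
    }

    // Allowlist of fields a client may set (assumed for this example).
    static final Set<String> CLIENT_FIELDS = Set.of("description", "amount");

    // Vulnerable pattern: whatever the body carries is bound onto the entity.
    static Expense bindUnsafe(Map<String, Object> body) {
        Expense e = new Expense();
        if (body.containsKey("id")) e.id = ((Number) body.get("id")).longValue();
        if (body.containsKey("user")) e.user = (String) body.get("user");
        e.description = (String) body.get("description");
        e.amount = new BigDecimal(body.get("amount").toString());
        return e;
    }

    // Hardened pattern: reject unexpected keys, take the owner from the
    // authenticated session, and leave the id for the data store to assign.
    static Expense bindSafe(Map<String, Object> body, String authenticatedUser) {
        Set<String> unexpected = new TreeSet<>(body.keySet());
        unexpected.removeAll(CLIENT_FIELDS);
        if (!unexpected.isEmpty())
            throw new IllegalArgumentException("unexpected fields: " + unexpected);
        Expense e = new Expense();
        e.user = authenticatedUser;
        e.description = (String) body.get("description");
        e.amount = new BigDecimal(body.get("amount").toString());
        return e;
    }

    public static void main(String[] args) {
        // Constructed request body carrying the extra 'user' and 'id' fields.
        Map<String, Object> body = new HashMap<>();
        body.put("description", "taxi"); body.put("amount", "12.50");
        body.put("user", "bob"); body.put("id", 7);

        Expense bad = bindUnsafe(body);
        System.out.println("unsafe: owner=" + bad.user + " id=" + bad.id);
        try {
            bindSafe(body, "alice");
        } catch (IllegalArgumentException ex) {
            System.out.println("safe: rejected, " + ex.getMessage());
        }
        body.remove("user"); body.remove("id");
        System.out.println("safe: owner=" + bindSafe(body, "alice").user);
    }
}
```

In a Spring controller the same effect comes from binding the request body to a dedicated request DTO that has no `user` or `id` property, rather than to the persistence entity.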