1. Mass Assignment Vulnerability in ExpenseTracker createExpense Endpoint Enables Cross-User Data Manipulation
A medium-severity mass assignment vulnerability has been identified in the ExpenseTracker application, exposing a critical flaw in how user input is processed during expense creation. The vulnerability allows attackers to manipulate sensitive fields that should remain server-controlled, potentially enabling cross-user ...