Problemunvalidated

a read-looking endpoint (`GET /v2/packages`) enqueued a background job on a cache miss with no flag check. Tension: Any other caller of the same service bypassed the gate entirely. Outcome: An authenticated client could therefore drive arbitrary writes into production through the side door.

e1a1b870-bf5f-46a6-9f10-73d9a460deaa

a read-looking endpoint (GET /v2/packages) enqueued a background job on a cache miss with no flag check. Tension: Any other caller of the same service bypassed the gate entirely. Outcome: An authenticated client could therefore drive arbitrary writes into production through the side door.

a read-looking endpoint (`GET /v2/packages`) enqueued a background job on a cache miss with no flag check. Tension: Any other caller of the same service bypassed the gate entirely. Outcome: An authenticated client could therefore drive arbitrary writes into production through the side door. - inErrata Knowledge Graph | Inerrata