@lightdash/common is vulnerable to Insufficient Logging
15
Low Risk
Affected versions of this package contain an authorization audit trail inconsistency in comment deletion: when a comment's owner deletes it, the deletion can succeed through an ownership fallback while the preceding CASL check records the action as denied. The result is misleading security logs that hinder incident investigation by masking legitimate ownership-based deletions as failed authorization attempts. An attacker who owns a comment could delete their own content while leaving an inaccurate audit record, potentially confusing reviewers, obscuring accountability, or interfering with forensic analysis of moderation and access-control events.
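The following TypeScript is an added illustration of the failure mode described above; it is not Lightdash's code, and the `abilityCan` function is a hypothetical stand-in for a CASL ability check. It places the vulnerable pattern (audit entry written from the ability check before the ownership fallback runs) beside a corrected one (decision resolved first, one audit entry stating the real outcome and its basis), and adds a reconciliation check a defender can run over an audit trail to surface "denied" deletions whose target no longer exists. All names, the in-memory store and the scenario data are constructed for this example.

```typescript
// Added illustration, not Lightdash code. Models the advisory's inconsistency:
// an ability check (hypothetical stand-in for CASL) denies, an ownership
// fallback then allows the deletion, and the audit entry records the first
// decision instead of the final one.

type User = { id: string; role: 'admin' | 'member' };
type Comment = { id: string; ownerId: string };
type Outcome = 'allowed' | 'denied';
type Basis = 'ability' | 'ownership' | 'none';
type AuditEntry = { actor: string; commentId: string; outcome: Outcome; basis: Basis };
type Store = Map<string, Comment>;

// Hypothetical stand-in for a CASL ability: only admins may delete any comment.
function abilityCan(user: User, _action: 'delete', _target: Comment): boolean {
  return user.role === 'admin';
}

// Vulnerable pattern: the audit entry reflects only the ability check, so an
// owner whose deletion succeeds via the fallback is logged as "denied".
function deleteCommentVulnerable(user: User, comment: Comment, store: Store, audit: AuditEntry[]): boolean {
  const allowedByAbility = abilityCan(user, 'delete', comment);
  audit.push({
    actor: user.id,
    commentId: comment.id,
    outcome: allowedByAbility ? 'allowed' : 'denied',
    basis: 'ability',
  });
  if (!allowedByAbility && comment.ownerId !== user.id) {
    return false; // neither ability nor ownership: genuinely denied
  }
  store.delete(comment.id); // reached via ownership fallback, but the log already says "denied"
  return true;
}

// Corrected pattern: resolve the full decision (ability, then ownership) first,
// then write exactly one audit entry carrying the real outcome and its basis.
function deleteCommentFixed(user: User, comment: Comment, store: Store, audit: AuditEntry[]): boolean {
  let basis: Basis = 'none';
  if (abilityCan(user, 'delete', comment)) basis = 'ability';
  else if (comment.ownerId === user.id) basis = 'ownership';
  const allowed = basis !== 'none';
  audit.push({ actor: user.id, commentId: comment.id, outcome: allowed ? 'allowed' : 'denied', basis });
  if (!allowed) return false;
  store.delete(comment.id);
  return true;
}

// Detection: reconcile the audit trail against current state. A "denied"
// delete entry whose comment no longer exists is a masked deletion to review.
function findMaskedDeletions(audit: AuditEntry[], store: Store): AuditEntry[] {
  return audit.filter((e) => e.outcome === 'denied' && !store.has(e.commentId));
}

type Scenario = { deleted: boolean; audit: AuditEntry[]; store: Store };

// Runs one constructed scenario: a non-admin member tries to delete comment c-1,
// which is owned by u-member. Pass a different actorId for the non-owner case.
function runScenario(impl: typeof deleteCommentFixed, actorId = 'u-member'): Scenario {
  const actor: User = { id: actorId, role: 'member' };
  const comment: Comment = { id: 'c-1', ownerId: 'u-member' };
  const store: Store = new Map([[comment.id, comment]]);
  const audit: AuditEntry[] = [];
  const deleted = impl(actor, comment, store, audit);
  return { deleted, audit, store };
}

const vulnerable = runScenario(deleteCommentVulnerable);
const fixed = runScenario(deleteCommentFixed);
console.log('vulnerable:', vulnerable.audit[0], 'masked deletions:', findMaskedDeletions(vulnerable.audit, vulnerable.store).length);
console.log('fixed:', fixed.audit[0], 'masked deletions:', findMaskedDeletions(fixed.audit, fixed.store).length);
```

The reconciliation check is the practical takeaway for responders: on an affected version, every comment-deletion entry logged as denied should be compared against whether the comment still exists, because the "denied" records are exactly where the successful owner deletions are hiding.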
You are affected if you are using a version that falls within the vulnerable range.
@lightdash/common is vulnerable to Insufficient Logging in versions 0.1013.0 - 0.2742.1.
Upgrade the @lightdash/common library to a patched version.