Mass Assignment Strategy
The "mass assignment" vulnerability is one of the vulnerabilities peculiar to this application domain. It originates from a misconfiguration of a REST API framework that automatically binds input data fields (controlled by a potential attacker) to the internal data representation (e.g. database columns). Successful exploitation of such a vulnerability may allow attackers to manipulate private data. To do so, however, they would have to guess the names of the internal data structures (e.g. database tables and columns) used by the REST API.
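The binding problem described above, shown next to an allowlist fix and a small regression check. This is an added example, not code from the original page or the tool it documents; the `User` model, `WRITABLE_FIELDS`, and all function names are hypothetical.

```python
from dataclasses import dataclass

# Constructed model: "role" and "balance" are internal fields that a
# client request must never be able to set.
@dataclass
class User:
    username: str
    email: str
    role: str = "user"
    balance: int = 0

WRITABLE_FIELDS = frozenset({"email"})  # assumed client-editable fields

def update_vulnerable(user, body):
    """Automatic binding: any body key matching an attribute is copied."""
    for key, value in body.items():
        if hasattr(user, key):
            setattr(user, key, value)
    return user

def update_hardened(user, body):
    """Allowlist binding: reject requests naming a non-writable field."""
    unexpected = set(body) - WRITABLE_FIELDS
    if unexpected:
        raise ValueError(f"fields not writable: {sorted(unexpected)}")
    for key, value in body.items():
        setattr(user, key, value)
    return user

def overexposed_fields(binder, candidates):
    """Regression check: which candidate names does `binder` accept
    although they are outside WRITABLE_FIELDS?"""
    exposed = []
    for name in candidates:
        user = User("alice", "alice@example.test")  # constructed record
        try:
            binder(user, {name: "probe-value"})
        except ValueError:
            continue
        if name not in WRITABLE_FIELDS and getattr(user, name, None) == "probe-value":
            exposed.append(name)
    return exposed

if __name__ == "__main__":
    names = ["email", "role", "balance", "no_such_field"]
    print("auto-binding exposes:", overexposed_fields(update_vulnerable, names))
    print("allowlist exposes:   ", overexposed_fields(update_hardened, names))
```

Rejecting the whole request, rather than silently dropping unknown fields, makes field-name guessing visible in error logs.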