API Security

Mass Assignment

Binding all request parameters to model attributes without filtering sensitive fields.

Mass assignment (or autobinding) occurs when a framework automatically binds HTTP request parameters to model attributes. An attacker can set fields such as isAdmin or role simply by including them in the request. Prevent it by binding only an explicit allowlist of fields or by accepting input through dedicated data transfer objects (DTOs).
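
The binding behaviour and the allowlist/DTO fix described above, shown side by side as an added example (not code from this glossary or from any framework). The user record, the request body, the field names and the function names are all constructed for illustration.

```javascript
// Hypothetical allowlist: the only fields a profile-update endpoint should accept.
const ALLOWED_PROFILE_FIELDS = ['displayName', 'email'];

// Constructed model instance with two privileged attributes.
function makeUser() {
  return { id: 7, displayName: 'alice', email: 'alice@example.test', isAdmin: false, role: 'user' };
}

// Vulnerable pattern: every key in the request body is bound to the model.
function updateProfileUnsafe(user, body) {
  return Object.assign(user, body);
}

// Hardened pattern: copy only allowlisted, correctly typed fields into a DTO.
function toProfileDto(body) {
  const dto = {};
  const rejected = [];
  for (const key of Object.keys(body)) {
    if (ALLOWED_PROFILE_FIELDS.includes(key) && typeof body[key] === 'string') {
      dto[key] = body[key];
    } else {
      rejected.push(key); // unexpected keys are worth logging server-side
    }
  }
  return { dto, rejected };
}

function updateProfileSafe(user, body) {
  const { dto, rejected } = toProfileDto(body);
  Object.assign(user, dto); // only the DTO ever reaches the model
  return { user, rejected };
}

// Constructed request body carrying extra privileged fields.
const requestBody = JSON.parse('{"displayName":"mallory","isAdmin":true,"role":"admin"}');

const unsafeResult = updateProfileUnsafe(makeUser(), requestBody);
const safeResult = updateProfileSafe(makeUser(), requestBody);

console.log('unsafe binding  ->', unsafeResult.isAdmin, unsafeResult.role);
console.log('allowlisted DTO ->', safeResult.user.isAdmin, safeResult.user.role);
console.log('rejected keys   ->', safeResult.rejected);
```
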
