Lucene search

CVE-2024-40633

🗓️ 17 Jul 2024 18:04:15Reported by GitHub_MType

cve🔗 web.nvd.nist.gov👁 70 Views🌐 WEB

Sylius Open Source eCommerce Framework vulnerability in `/api/v2/shop/adjustments/{id}` endpoin

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 6
Cvelist	CVE-2024-40633 Customer data leak via adjustments API endpoint in Sylius	17 Jul 202417:51	–	cvelist
NVD	CVE-2024-40633	17 Jul 202418:15	–	nvd
OSV	GHSA-55RF-8Q29-4G43 Sylius has a security vulnerability via adjustments API endpoint	17 Jul 202414:32	–	osv
Veracode	Information Disclosure	18 Jul 202408:45	–	veracode
Vulnrichment	CVE-2024-40633 Customer data leak via adjustments API endpoint in Sylius	17 Jul 202417:51	–	vulnrichment
Github Security Blog	Sylius has a security vulnerability via adjustments API endpoint	17 Jul 202414:32	–	github

Vulners

Vulnrichment

Node

sylius syliusRange<1.12.19

sylius syliusRange1.13.0–1.13.4

[
  {
    "vendor": "Sylius",
    "product": "Sylius",
    "versions": [
      {
        "version": "< 1.12.19",
        "status": "affected"
      },
      {
        "version": ">= 1.13.0, < 1.13.4",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/Sylius/Sylius/security/advisories/GHSA-55rf-8q29-4g43

Parameter	Position	Path	Description	CWE
{id}	path	/api/v2/shop/adjustments/{id}	The endpoint allows enumeration of valid adjustment IDs leading to disclosure of sensitive guest customer information.	CWE-200

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

17 Jul 2024 18:15Current

5Medium risk

Vulners AI Score5

CVSS35.3

EPSS0.00111

SSVC

CWE-200