17 matches found
CVE-2020-7964
An issue was discovered in Mirumee Saleor 2.x before 2.9.1. Incorrect access control in the checkoutCustomerAttach mutations allows attackers to attach their checkouts to any user ID and consequently leak user data e.g., name, address, and previous orders of any other customer...
EUVD-2021-1489
Malware in sbrugna...
EUVD-2022-3777
Malicious code in bioql PyPI...
CVE-2019-13594
In Mirumee Saleor 2.7.0 fixed in 2.8.0, CSRF protection middleware was accidentally disabled, which allowed attackers to send a POST request without a valid CSRF token and be accepted by the server...
GHSA-FGJH-X3F8-8GMH Mirumee Saleor CSRF Protection Disabled
In Mirumee Saleor 2.7.0 fixed in 2.8.0, CSRF protection middleware was accidentally disabled, which allowed attackers to send a POST request without a valid CSRF token and be accepted by the server...
GHSA-RGCM-RPQ9-9CGR Missing Authentication for Critical Function in Saleor
An issue was discovered in Mirumee Saleor 2.x before 2.9.1. Incorrect access control in the checkoutCustomerAttach mutations allows attackers to attach their checkouts to any user ID and consequently leak user data e.g., name, address, and previous orders of any other customer...
Mirumee Saleor Information Disclosure Vulnerability
Mirumee Saleor is a modular e-commerce platform. An information disclosure vulnerability exists in Mirumee Saleor. The vulnerability arises due to a configuration or other error in the operation of a networked system or product. An unauthorized attacker could exploit the vulnerability to obtain...
CVE-2020-7964
An issue was discovered in Mirumee Saleor 2.x before 2.9.1. Incorrect access control in the checkoutCustomerAttach mutations allows attackers to attach their checkouts to any user ID and consequently leak user data e.g., name, address, and previous orders of any other customer...
CVE-2020-7964
An issue was discovered in Mirumee Saleor 2.x before 2.9.1. Incorrect access control in the checkoutCustomerAttach mutations allows attackers to attach their checkouts to any user ID and consequently leak user data e.g., name, address, and previous orders of any other customer...
Design/Logic Flaw
An issue was discovered in Mirumee Saleor 2.x before 2.9.1. Incorrect access control in the checkoutCustomerAttach mutations allows attackers to attach their checkouts to any user ID and consequently leak user data e.g., name, address, and previous orders of any other customer...
CVE-2020-7964
Mirumee Saleor 2.x prior to 2.9.1 has an access control flaw in the checkoutCustomerAttach mutations that allows an attacker to attach a checkout to any user ID, leading to leakage of user data (name, address, and previous orders). A fix is available in Saleor 2.9.1 (and later). Monitor for updat...
CVE-2020-7964
An issue was discovered in Mirumee Saleor 2.x before 2.9.1. Incorrect access control in the checkoutCustomerAttach mutations allows attackers to attach their checkouts to any user ID and consequently leak user data e.g., name, address, and previous orders of any other customer...
CVE-2019-13594
In Mirumee Saleor 2.7.0 fixed in 2.8.0, CSRF protection middleware was accidentally disabled, which allowed attackers to send a POST request without a valid CSRF token and be accepted by the server...
CVE-2019-13594
In Mirumee Saleor 2.7.0 fixed in 2.8.0, CSRF protection middleware was accidentally disabled, which allowed attackers to send a POST request without a valid CSRF token and be accepted by the server...
Cross site request forgery (csrf)
In Mirumee Saleor 2.7.0 fixed in 2.8.0, CSRF protection middleware was accidentally disabled, which allowed attackers to send a POST request without a valid CSRF token and be accepted by the server...
CVE-2019-13594
In Mirumee Saleor 2.7.0 fixed in 2.8.0, CSRF protection middleware was accidentally disabled, which allowed attackers to send a POST request without a valid CSRF token and be accepted by the server...
CVE-2019-13594
CVE-2019-13594 affects Mirumee Saleor 2.7.0 (fixed in 2.8.0). The issue is that CSRF protection middleware was accidentally disabled, allowing a POST request to be accepted without a valid CSRF token. This exposes CSRF risk on affected deployments until updated. Remediation per sources is to upgr...