5 matches found
GHSA-W8RC-PGXQ-X2CJ Negative charge in shopping cart in Shopizer
Impact Using API or Controller based versions negative quantity is not adequately validated hence creating incorrect shopping cart and order total. Patches Adding a back-end verification to check that quantity parameter isn't negative. If so, it is set to 1. Patched in 2.11.0 Workarounds Without...
Negative charge in shopping cart in Shopizer
Impact Using API or Controller based versions negative quantity is not adequately validated hence creating incorrect shopping cart and order total. Patches Adding a back-end verification to check that quantity parameter isn't negative. If so, it is set to 1. Patched in 2.11.0 Workarounds Without...
com.shopizer:shopizer-shipping-canadapost-module (>=0.0.1 <=2.11.0), com.shopizer:shopizer-shipping-distance-processor (=2.0.3) +1 more potentially affected by CVE-2020-11007 via com.shopizer:sm-core-model (>=2.0.2 <=2.10.0)
com.shopizer:sm-core-model MAVEN version =2.0.2, =0.0.1, =2.0.2, =2.0.3 Source cves: CVE-2020-11007 Source advisory: OSV:GHSA-W8RC-PGXQ-X2CJ...
CVE-2020-11007
Vulnerability: CVE-2020-11007 affects Shopizer prior to v2.11.0 where negative quantities in API/Controller paths are not properly validated, leading to incorrect shopping cart totals and the possibility of a negative order total. Root cause: insufficient validation of quantity parameters. Impact...
CVE-2020-11007 Negative charge in shopping cart possible in Shopizer
In Shopizer before version 2.11.0, using API or Controller based versions negative quantity is not adequately validated hence creating incorrect shopping cart and order total. This vulnerability makes it possible to create a negative total in the shopping cart. This has been patched in version...