2 matches found
CVE-2020-7964
An issue was discovered in Mirumee Saleor 2.x before 2.9.1. Incorrect access control in the checkoutCustomerAttach mutations allows attackers to attach their checkouts to any user ID and consequently leak user data e.g., name, address, and previous orders of any other customer...
CVE-2020-7964
Mirumee Saleor 2.x prior to 2.9.1 has an access control flaw in the checkoutCustomerAttach mutations that allows an attacker to attach a checkout to any user ID, leading to leakage of user data (name, address, and previous orders). A fix is available in Saleor 2.9.1 (and later). Monitor for updat...