4 matches found
shuup-admin-channel (=1.0.0), shuup-attrim (>=0.8.0.0 <=0.9.0.7) +4 more potentially affected by CVE-2021-25962 via shuup (=1.9.1)
shuup PYPI version =1.9.1 is affected by a known vulnerability. The following packages have a transitive dependency on shuup and may be impacted: - shuup-admin-channel =1.0.0 - shuup-attrim =0.8.0.0, =0.6.0, =0.7.0.1, =0.10.1.0 - shuup-utils =0.4.1.2 Source cves: CVE-2021-25962 Source advisory:...
shuup-admin-channel (=1.0.0), shuup-attrim (>=0.8.0.0 <=0.9.0.7) +4 more potentially affected by CVE-2021-25962 via shuup (=1.9.1)
shuup PYPI version =1.9.1 is affected by a known vulnerability. The following packages have a transitive dependency on shuup and may be impacted: - shuup-admin-channel =1.0.0 - shuup-attrim =0.8.0.0, =0.6.0, =0.7.0.1, =0.10.1.0 - shuup-utils =0.4.1.2 Source cves: CVE-2021-25962 Source advisory:...
CVE-2021-25962
Summary of CVE-2021-25962 (Shuup) : The Shuup application (versions 0.4.2 to 2.10.8) is affected by a Formula Injection vulnerability. The issue arises when a user injects payloads into the name field of the billing address; when a store administrator exports reports to Excel from the reports pag...
CVE-2021-25962 Shuup - Formula Injection in Checkout Addresses
“Shuup” application in versions 0.4.2 to 2.10.8 is affected by the “Formula Injection” vulnerability. A customer can inject payloads in the name input field in the billing address while buying a product. When a store administrator accesses the reports page to export the data as an Excel file and...