4 matches found
CVE-2022-29254
silverstripe-omnipay is a SilverStripe integration with Omnipay PHP payments library. For a subset of Omnipay gateways those that use intermediary states like isNotification or isRedirect, if the payment identifier or success URL is exposed it is possible for payments to be prematurely marked as...
CVE-2022-29254
The CVE-2022-29254 issue affects silverstripe-omnipay (SilverStripe integration with Omnipay). For certain gateways using intermediary states (isNotification/isRedirect), exposing the payment identifier or success URL can cause payments to be prematurely marked as completed without payment actual...
CVE-2022-29254 Failed payment recorded has completed in silverstripe/silverstripe-omnipay
silverstripe-omnipay is a SilverStripe integration with Omnipay PHP payments library. For a subset of Omnipay gateways those that use intermediary states like isNotification or isRedirect, if the payment identifier or success URL is exposed it is possible for payments to be prematurely marked as...
CVE-2022-29254 - Failed payment recorded has completed
More info at https://www.silverstripe.org/download/security-releases/cve-2022-29254...