CVE-2023-32065
CVE-2023-32065 affects OroCommerce where the get-totals-for-checkout API endpoint can disclose detailed order totals to users who should not have access, by exploiting inadequate access control around Order IDs. Public sources in the connected documents describe an information-disclosure path ena...