4 matches found
Vendure - Arbitrary File Read
Vendure is an open-source headless commerce platform. Prior to versions 3.0.5 and 2.3.3, a vulnerability in Vendure's asset server plugin allows an attacker to craft a request which is able to traverse the server file system and retrieve the contents of arbitrary files, including sensitive data...
CVE-2024-48914
Vendure is an open-source headless commerce platform. Prior to versions 3.0.5 and 2.3.3, a vulnerability in Vendure's asset server plugin allows an attacker to craft a request which is able to traverse the server file system and retrieve the contents of arbitrary files, including sensitive data...
Exploit for CVE-2024-48914
This post is a research article published by EQSTLabhttps://g...
@artcoded/gcp-asset-server-plugin (>=1.0.1 <=1.0.4), @grupo-loja/vendure-banner-plugin (=1.0.0) +54 more potentially affected by CVE-2024-48914 via @vendure/asset-server-plugin (>=0.12.5 <=2.2.7)
@vendure/asset-server-plugin NPM version =0.12.5, =1.0.1, =1.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.1.0, =2.0.0, =2.0.1, =2.0.0, =2.0.0, =2.0.0, =2.2.4 and more Source cves: CVE-2024-48914 Source advisory: OSV:GHSA-R9MQ-3C9R-FMJQ...