6 matches found
CVE-2024-22407
Shopware is an open headless commerce platform. In the Shopware CMS, the state handler for orders fails to sufficiently verify user authorizations for actions that modify the payment, delivery, and/or order status. Due to this inadequate implementation, users lacking 'write' permissions for order...
Design/Logic Flaw
Shopware is an open headless commerce platform. In the Shopware CMS, the state handler for orders fails to sufficiently verify user authorizations for actions that modify the payment, delivery, and/or order status. Due to this inadequate implementation, users lacking 'write' permissions for order...
Design/Logic Flaw
Shopware is an open headless commerce platform. The implemented Flow Builder functionality in the Shopware application does not adequately validate the URL used when creating the “call webhook” action. This enables malicious users to perform web requests to internal hosts. This issue has been fix...
CVE-2024-22408
Shopware Flow Builder has a URL validation issue in the call webhook action that enables SSRF to internal hosts. Affected: Shopware open headless commerce platform (Flow Builder component). Impact: potential unauthorized web requests from authenticated users to internal destinations. Remediation:...
Github saleor security vulnerability
Github saleor is a headless GraphQL commerce platform that delivers a super-fast, dynamic, personalized shopping experience. Beautiful online store, anywhere, on any device. Github saleor suffers from a security vulnerability that stems from some internal exceptions that are not handled correctly...
Github saleor security vulnerability
Github saleor is a headless GraphQL commerce platform that delivers a super-fast, dynamic, personalized shopping experience. Beautiful online store, anywhere, on any device. A security vulnerability exists in saleor versions prior to 3.1.2 that stems from incorrect authorization in the applicatio...