20 matches found
CVE-2020-7964
An issue was discovered in Mirumee Saleor 2.x before 2.9.1. Incorrect access control in the checkoutCustomerAttach mutations allows attackers to attach their checkouts to any user ID and consequently leak user data e.g., name, address, and previous orders of any other customer...
EUVD-2021-1489
Malware in sbrugna...
EUVD-2022-3777
Malicious code in bioql PyPI...
CVE-2019-13594
In Mirumee Saleor 2.7.0 fixed in 2.8.0, CSRF protection middleware was accidentally disabled, which allowed attackers to send a POST request without a valid CSRF token and be accepted by the server...
Mirumee Software Saleor Storefront Security Vulnerability
Mirumee Software Saleor Storefront is a web-based, single-page e-commerce application from Mirumee Software, Poland. A security vulnerability exists in Mirumee Software Saleor Storefront that stems from the fact that when any user authenticates in the storefront, an anonymous user can access its...
Mirumee Saleor CSRF Protection Disabled
In Mirumee Saleor 2.7.0 fixed in 2.8.0, CSRF protection middleware was accidentally disabled, which allowed attackers to send a POST request without a valid CSRF token and be accepted by the server...
GHSA-FGJH-X3F8-8GMH Mirumee Saleor CSRF Protection Disabled
In Mirumee Saleor 2.7.0 fixed in 2.8.0, CSRF protection middleware was accidentally disabled, which allowed attackers to send a POST request without a valid CSRF token and be accepted by the server...
GHSA-RGCM-RPQ9-9CGR Missing Authentication for Critical Function in Saleor
An issue was discovered in Mirumee Saleor 2.x before 2.9.1. Incorrect access control in the checkoutCustomerAttach mutations allows attackers to attach their checkouts to any user ID and consequently leak user data e.g., name, address, and previous orders of any other customer...
Unspecified Vulnerability in MIRUMEE SOFTWARE Saleor Storefront
MIRUMEE SOFTWARE Saleor Storefront is a web-based, single-page e-commerce application from the Polish company MIRUMEE SOFTWARE. A security vulnerability exists in MIRUMEE SOFTWARE Saleor Storefront versions prior to 2.10.3, which can be exploited by attackers to extract email names and passwords...
Mirumee Saleor Information Disclosure Vulnerability
Mirumee Saleor is a modular e-commerce platform. An information disclosure vulnerability exists in Mirumee Saleor. The vulnerability arises due to a configuration or other error in the operation of a networked system or product. An unauthorized attacker could exploit the vulnerability to obtain...
CVE-2020-7964
An issue was discovered in Mirumee Saleor 2.x before 2.9.1. Incorrect access control in the checkoutCustomerAttach mutations allows attackers to attach their checkouts to any user ID and consequently leak user data e.g., name, address, and previous orders of any other customer...
CVE-2020-7964
An issue was discovered in Mirumee Saleor 2.x before 2.9.1. Incorrect access control in the checkoutCustomerAttach mutations allows attackers to attach their checkouts to any user ID and consequently leak user data e.g., name, address, and previous orders of any other customer...
Design/Logic Flaw
An issue was discovered in Mirumee Saleor 2.x before 2.9.1. Incorrect access control in the checkoutCustomerAttach mutations allows attackers to attach their checkouts to any user ID and consequently leak user data e.g., name, address, and previous orders of any other customer...
CVE-2020-7964
An issue was discovered in Mirumee Saleor 2.x before 2.9.1. Incorrect access control in the checkoutCustomerAttach mutations allows attackers to attach their checkouts to any user ID and consequently leak user data e.g., name, address, and previous orders of any other customer...
CVE-2020-7964
Mirumee Saleor 2.x prior to 2.9.1 has an access control flaw in the checkoutCustomerAttach mutations that allows an attacker to attach a checkout to any user ID, leading to leakage of user data (name, address, and previous orders). A fix is available in Saleor 2.9.1 (and later). Monitor for updat...
CVE-2019-13594
In Mirumee Saleor 2.7.0 fixed in 2.8.0, CSRF protection middleware was accidentally disabled, which allowed attackers to send a POST request without a valid CSRF token and be accepted by the server...
CVE-2019-13594
In Mirumee Saleor 2.7.0 fixed in 2.8.0, CSRF protection middleware was accidentally disabled, which allowed attackers to send a POST request without a valid CSRF token and be accepted by the server...
Cross-site request forgery (CSRF)
In Mirumee Saleor 2.7.0 fixed in 2.8.0, CSRF protection middleware was accidentally disabled, which allowed attackers to send a POST request without a valid CSRF token and be accepted by the server...
CVE-2019-13594
CVE-2019-13594 affects Mirumee Saleor 2.7.0 (fixed in 2.8.0). The issue is that CSRF protection middleware was accidentally disabled, allowing a POST request to be accepted without a valid CSRF token. This exposes CSRF risk on affected deployments until updated. Remediation per sources is to upgr...
CVE-2019-13594
In Mirumee Saleor 2.7.0 fixed in 2.8.0, CSRF protection middleware was accidentally disabled, which allowed attackers to send a POST request without a valid CSRF token and be accepted by the server...