4 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-42574
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control...
CVE-2024-40633 Customer data leak via adjustments API endpoint in Sylius
Sylius is an Open Source eCommerce Framework on Symfony. A security vulnerability was discovered in the /api/v2/shop/adjustments/id endpoint, which retrieves order adjustments based on incremental integer IDs. The vulnerability allows an attacker to enumerate valid adjustment IDs and retrieve ord...
CVE-2024-40633
Summary: CVE-2024-40633 affects Sylius (Symfony-based) in the /api/v2/shop/adjustments/{id} endpoint. The flaw enables an attacker to enumerate valid adjustment IDs and retrieve order tokens, potentially exposing sensitive guest customer order details. Affected/Root cause: Unauthenticated access ...
CVE-2024-40633 Customer data leak via adjustments API endpoint in Sylius
Sylius is an Open Source eCommerce Framework on Symfony. A security vulnerability was discovered in the /api/v2/shop/adjustments/id endpoint, which retrieves order adjustments based on incremental integer IDs. The vulnerability allows an attacker to enumerate valid adjustment IDs and retrieve ord...