PT-2023-33025 · Npm +1 · Cookie-Session +1

Name of the Vulnerable Software and Affected Versions: Vendure affected versions not specified Description: The issue concerns the default cookie settings in Vendure, an e-commerce GraphQL framework, which are insecure due to the SameSite setting being false by default. This setting originates fr...