Saleor Security Vulnerabilities and Issues — Saleor CVE List

Lucene search

MirumeeSaleor

4 matches found

CVE•added 2019/07/14 5:15 p.m.•113 views

CVE-2019-13594

In Mirumee Saleor 2.7.0 (fixed in 2.8.0), CSRF protection middleware was accidentally disabled, which allowed attackers to send a POST request without a valid CSRF token and be accepted by the server.

8.8CVSS8.6AI score0.00141EPSS

CVE•added 2020/01/24 8:15 p.m.•42 views

CVE-2020-7964

An issue was discovered in Mirumee Saleor 2.x before 2.9.1. Incorrect access control in the checkoutCustomerAttach mutations allows attackers to attach their checkouts to any user ID and consequently leak user data (e.g., name, address, and previous orders of any other customer).

5.3CVSS5.2AI score0.00315EPSS

CVE•added 2020/06/30 5:15 p.m.•36 views

CVE-2020-15085

In Saleor Storefront before version 2.10.3, request data used to authenticate customers was inadvertently cached in the browser's local storage mechanism, including credentials. A malicious user with direct access to the browser could extract the email and password. In versions prior to 2.10.0 pers...

6.9CVSS6AI score0.00153EPSS

CVE•added 2019/07/15 3:15 p.m.•31 views

CVE-2019-1010304

Saleor Issue was introduced by merge commit: e1b01bad0703afd08d297ed3f1f472248312cc9c. This commit was released as part of 2.0.0 release is affected by: Incorrect Access Control. The impact is: Important. The component is: ProductVariant type in GraphQL API. The attack vector is: Unauthenticated us...

5.3CVSS5.3AI score0.00389EPSS