Lucene search
K
NebulabSolidus

4 matches found

CVE
CVE
added 2022/06/01 5:25 p.m.528 views

CVE-2022-31000

The CVE concerns solidus_backend, the admin interface of the Solidus e-commerce framework. Versions prior to 3.1.6, 3.0.6, and 2.11.16 are affected by a cross-site request forgery (CSRF) that lets an attacker change the state of an order’s adjustments if they know the order number, with the actio...

4.3CVSS4.3AI score0.00367EPSS
CVE
CVE
added 2020/08/04 11:0 p.m.79 views

CVE-2020-15109

Summary: CVE-2020-15109 affects Solidus before 2.8.6, 2.9.6, and 2.10.2, enabling a malicious customer to change the current order’s address via crafted checkout data without updating shipment costs, impacting stores with at least two shipping zones and varying zone costs. Root cause: the checkou...

5.3CVSS5.1AI score0.00896EPSS
CVE
CVE
added 2021/12/07 5:25 p.m.70 views

CVE-2021-43805

CVE-2021-43805 (Solidus) is a denial-of-service vulnerability affecting Solidus versions prior to 3.1.4, 3.0.4, and 2.11.13, caused by an exponential backtracking vulnerability in the regular expression used to validate a guest order email during checkout (pattern fragment like a.a.). The issue c...

7.5CVSS7.6AI score0.01403EPSS
CVE
CVE
added 2021/12/20 9:30 p.m.69 views

CVE-2021-43846

CVE-2021-43846 (solidus_frontend CSRF) affects all solidus_frontend versions before 3.1.5, 3.0.5, and 2.11.14, enabling a malicious site to add items to a user’s cart via CSRF. A patch was introduced in those versions that adds CSRF token verification to the Add to cart action. Connected advisori...

5.3CVSS4.6AI score0.00575EPSS