4 matches found
CVE-2022-31000
The CVE concerns solidus_backend, the admin interface of the Solidus e-commerce framework. Versions prior to 3.1.6, 3.0.6, and 2.11.16 are affected by a cross-site request forgery (CSRF) that lets an attacker change the state of an order’s adjustments if they know the order number, with the actio...
CVE-2020-15109
Summary: CVE-2020-15109 affects Solidus before 2.8.6, 2.9.6, and 2.10.2, enabling a malicious customer to change the current order’s address via crafted checkout data without updating shipment costs, impacting stores with at least two shipping zones and varying zone costs. Root cause: the checkou...
CVE-2021-43805
CVE-2021-43805 (Solidus) is a denial-of-service vulnerability affecting Solidus versions prior to 3.1.4, 3.0.4, and 2.11.13, caused by an exponential backtracking vulnerability in the regular expression used to validate a guest order email during checkout (pattern fragment like a.a.). The issue c...
CVE-2021-43846
CVE-2021-43846 (solidus_frontend CSRF) affects all solidus_frontend versions before 3.1.5, 3.0.5, and 2.11.14, enabling a malicious site to add items to a user’s cart via CSRF. A patch was introduced in those versions that adds CSRF token verification to the Add to cart action. Connected advisori...