Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:21790
HistoryOct 30, 2019 - 4:58 a.m.

Unauthorized Form Data Modification

2019-10-3004:58:50
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6

0.001 Low

EPSS

Percentile

42.0%

cezerin is vulnerable to unauthorized form data modification. Internal attributes such as paid and tax in the getValidDocumentForUpdate function in api/server/services/orders/orders.js can be overwritten using a conflicting name from user-input. This allows a malicious user to manipulate an order status by adding additional attributes, such as payment status and tax, to user-input during checkout.

CPENameOperatorVersion
cezerinle0.33.0

0.001 Low

EPSS

Percentile

42.0%

Related for VERACODE:21790