Lucene search
Veracode Vulnerability DatabaseVERACODE:39182HistoryFeb 09, 2023 - 1:12 p.m.
Insufficient Verification Of Data Authenticity
2023-02-0913:12:38
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
12
data integrity
javascript-based methods
paypal checkout
0.001 Low
EPSS
Percentile
22.7%
swag/paypal is vulnerable to Insufficient Verification Of Data Authenticity. When the JavaScript-based PayPal checkout methods (PayPal Plus, Smart Payment Buttons, SEPA, Pay Later, Venmo, Credit card) are used the amount and item list sent to PayPal may not be identical to the one in the created order.
| CPE | Name | Operator | Version |
|---|---|---|---|
| swag/paypal | le | 5.4.3 | |
| swag/paypal | le | 5.4.3 |
References
github.com/shopware/SwagPayPal/commit/411282365ee28de0138dad149a775af808923c9f
github.com/shopware/SwagPayPal/commit/56e63f93e5009b194e8d419ae08337dbd41ac546
github.com/shopware/SwagPayPal/commit/57db5f4a57ef0a1646b509b415de9f03bf441b08
github.com/shopware/SwagPayPal/security/advisories/GHSA-vxpm-8hcp-qh27
news.shopware.com/security-issue-in-paypal-plugin-update-required
Related
github
github
osv
osv
CVE-2023-23941
2023-02-03 21:15:11
cve
cve
CVE-2023-23941
2023-02-03 21:15:11
prion
prion
Design/Logic Flaw
2023-02-03 21:15:00
cvelist
cvelist
CVE-2023-23941 SwagPayPal payment not sent to PayPal correctly
2023-02-03 20:26:52
nvd
nvd
CVE-2023-23941
2023-02-03 21:15:11