E-commerce Address Manipulation Vulnerability in Saleor
CVE-2024-29888

Currently unrated

Key Information:

Vendor: Saleor
Status: Saleor
Vendor: CVE Published:; 27 March 2024

What is CVE-2024-29888?

Saleor, a robust e-commerce platform, has an address manipulation vulnerability wherein customers utilizing the 'Pickup: Local stock only' delivery option may overwrite the intended warehouse address with their personal address. This flaw can lead to unintended exposure of customer information, compromising operational security for businesses relying on Saleor. Affected versions have been patched to enhance security and protect user data from potential misuse.

References

https://github.com/saleor/saleor/security/advisories/GHSA...

https://github.com/saleor/saleor/pull/15694

https://github.com/saleor/saleor/pull/15697

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 27, 2024

CVE-2024-29888 Data

JSON