Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mirumee saleor vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2020-15085
In Saleor Storefront before version 2.10.3, request data used to authenticate customers was inadvertently cached in the browser's local storage mechanism, including credentials. A malicious user with direct access to the browser could extract the email and password. In versi...
Mirumee Saleor
5.3
CVSSv3
CVE-2019-1010304
Saleor Issue was introduced by merge commit: e1b01bad0703afd08d297ed3f1f472248312cc9c. This commit was released as part of 2.0.0 release is affected by: Incorrect Access Control. The impact is: Important. The component is: ProductVariant type in GraphQL API. The attack vector is:...
Mirumee Saleor
5.3
CVSSv3
CVE-2020-7964
An issue exists in Mirumee Saleor 2.x prior to 2.9.1. Incorrect access control in the checkoutCustomerAttach mutations allows malicious users to attach their checkouts to any user ID and consequently leak user data (e.g., name, address, and previous orders of any other customer).
Mirumee Saleor
8.8
CVSSv3
CVE-2019-13594
In Mirumee Saleor 2.7.0 (fixed in 2.8.0), CSRF protection middleware was accidentally disabled, which allowed malicious users to send a POST request without a valid CSRF token and be accepted by the server.
Mirumee Saleor 2.7.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started