Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mirumee saleor vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2019-13594
In Mirumee Saleor 2.7.0 (fixed in 2.8.0), CSRF protection middleware was accidentally disabled, which allowed malicious users to send a POST request without a valid CSRF token and be accepted by the server.
Mirumee Saleor 2.7.0
6.1
CVSSv3
CVE-2020-15085
In Saleor Storefront before version 2.10.3, request data used to authenticate customers was inadvertently cached in the browser's local storage mechanism, including credentials. A malicious user with direct access to the browser could extract the email and password. In versi...
Mirumee Saleor
5.3
CVSSv3
CVE-2020-7964
An issue exists in Mirumee Saleor 2.x prior to 2.9.1. Incorrect access control in the checkoutCustomerAttach mutations allows malicious users to attach their checkouts to any user ID and consequently leak user data (e.g., name, address, and previous orders of any other customer).
Mirumee Saleor
5.3
CVSSv3
CVE-2019-1010304
Saleor Issue was introduced by merge commit: e1b01bad0703afd08d297ed3f1f472248312cc9c. This commit was released as part of 2.0.0 release is affected by: Incorrect Access Control. The impact is: Important. The component is: ProductVariant type in GraphQL API. The attack vector is:...
Mirumee Saleor
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started