Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Non-constant time HMAC comparison in Adyen plugin in Saleor
Vulnerability Description
Saleor Core is a composable, headless commerce API. Saleor's `validate_hmac_signature` function is vulnerable to timing attacks. Malicious users could abuse this vulnerability on Saleor deployments having the Adyen plugin enabled in order to determine the secret key and forge fake events, this could affect the database integrity such as marking an order as paid when it is not. This issue has been patched in versions 3.7.68, 3.8.40, 3.9.49, 3.10.36, 3.11.35, 3.12.25, and 3.13.16.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
通过差异性导致的信息暴露
Vulnerability Title
Saleor 安全漏洞
Vulnerability Description
Github saleor是一个无头的 GraphQL 商务平台,提供超快速、动态、个性化的购物体验。美丽的在线商店,在任何地方,在任何设备上。 Saleor Core存在安全漏洞,该漏洞源于容易受到定时攻击,攻击者利用该漏洞可以确定密钥并伪造虚假事件,这可能会影响数据库完整性。
CVSS Information
N/A
Vulnerability Type
N/A