Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Saleor Storefront session leak in cache
Vulnerability Description
Saleor Storefront is software for building e-commerce experiences. Prior to commit 579241e75a5eb332ccf26e0bcdd54befa33f4783, when any user authenticates in the storefront, anonymous users are able to access their data. The session is leaked through cache and can be accessed by anyone. Users should upgrade to a version that incorporates commit 579241e75a5eb332ccf26e0bcdd54befa33f4783 or later to receive a patch. A possible workaround is to temporarily disable authentication by changing the usage of `createSaleorAuthClient()`.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Vulnerability Type
信息暴露
Vulnerability Title
Mirumee Software Saleor Storefront 安全漏洞
Vulnerability Description
Mirumee Software Saleor Storefront是波兰Mirumee Software公司的一款基于Web的单页电子商务应用程序。 Mirumee Software Saleor Storefront存在安全漏洞,该漏洞源于当任何用户在店面中进行身份验证时,匿名用户都可以访问其数据。
CVSS Information
N/A
Vulnerability Type
N/A