Vulnerability Information
Vulnerability Title
Saleor vulnerable to customers addresses leak when using Warehouse as a `Pickup: Local stock only` delivery method
Vulnerability Description
Saleor is an e-commerce platform that serves high-volume companies. When `Pickup: Local stock only` click-and-collect is used as a delivery method, under specific conditions the customer could overwrite the warehouse address with their own, which exposes the customer's address as the click-and-collect address. This issue has been patched in versions: `3.14.61`, `3.15.37`, `3.16.34`, `3.17.32`, `3.18.28`, `3.19.15`.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Vulnerability Type
Privacy violation
Vulnerability Title
Saleor security vulnerability
Vulnerability Description
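GitHub Saleor is a headless GraphQL commerce platform that delivers ultra-fast, dynamic, personalized shopping experiences. Beautiful online stores, anywhere, on any device. Saleor contains a security vulnerability that stems from a customer address leak. Affected products and versions: Saleor versions 3.14.56 to 3.14.61, 3.15.31 to 3.15.37, 3.16.27 to 3.16.34, 3.17.25 to 3.17.32, 3.18.19 to 3.18.28, and 3.19.5 to 3.19.15.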
CVSS Information
N/A
Vulnerability Type
N/A