Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Saleor has an Insecure Direct Object Reference (IDOR) in GraphQL API
Vulnerability Description
Saleor is an e-commerce platform. Versions 3.2.0 through 3.20.109, 3.21.0-a.0 through 3.21.44 and 3.22.0-a.0 through 3.22.28 have a n Insecure Direct Object Reference (IDOR) vulnerability that allows unauthenticated actors to extract sensitive information in plain text. Orders created before Saleor 3.2.0 could have PIIs exfiltrated. The issue has been patched in Saleor versions: 3.22.29, 3.21.45, and 3.20.110. To workaround, temporarily block non-staff users from fetching order information (the order() GraphQL query) using a WAF.
CVSS Information
N/A
Vulnerability Type
通过用户控制密钥绕过授权机制
Vulnerability Title
saleor 安全漏洞
Vulnerability Description
saleor是Saleor Commerce开源的一个接口软件。 saleor 3.2.0至3.20.109版本、3.21.0-a.0至3.21.44版本和3.22.0-a.0至3.22.28版本存在安全漏洞,该漏洞源于不安全的直接对象引用,可能导致未经验证的参与者以明文形式提取敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A