CVE-2023-32694
- EPSS 0.31%
- Published 25.05.2023 15:15:09
- Last modified 21.11.2024 08:03:52
Saleor Core is a composable, headless commerce API. Saleor's `validate_hmac_signature` function is vulnerable to timing attacks. Malicious users could abuse this vulnerability on Saleor deployments having the Adyen plugin enabled in order to determin...
CVE-2023-26051
- EPSS 0.27%
- Published 02.03.2023 19:15:10
- Last modified 21.11.2024 07:50:39
Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information l...
CVE-2023-26052
- EPSS 0.18%
- Published 02.03.2023 19:15:10
- Last modified 21.11.2024 07:50:39
Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information l...
CVE-2022-39275
- EPSS 0.34%
- Published 06.10.2022 18:16:17
- Last modified 21.11.2024 07:17:56
Saleor is a headless, GraphQL commerce platform. In affected versions, some GraphQL mutations did not properly check the ID type input, which allowed access to database objects that the authenticated user may not be allowed to access. This vulnerab...
CVE-2022-0932
- EPSS 0.28%
- Published 11.03.2022 15:15:09
- Last modified 21.11.2024 06:39:41
Missing Authorization in GitHub repository saleor/saleor prior to 3.1.2.