CVE - CVE-2024-29888

CVE-ID
CVE-2024-29888	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Saleor is an e-commerce platform that serves high-volume companies. When using `Pickup: Local stock only` click-and-collect as a delivery method in specific conditions the customer could overwrite the warehouse address with its own, which exposes its address as click-and-collect address. This issue has been patched in versions: `3.14.61`, `3.15.37`, `3.16.34`, `3.17.32`, `3.18.28`, `3.19.15`.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://github.com/saleor/saleor/commit/22a1aa3ef0bc54156405f69146788016a7f3f761 URL:https://github.com/saleor/saleor/commit/22a1aa3ef0bc54156405f69146788016a7f3f761 MISC:https://github.com/saleor/saleor/commit/39abb0f4e4fe6503f81bfbb871227e4f70bcdd5c URL:https://github.com/saleor/saleor/commit/39abb0f4e4fe6503f81bfbb871227e4f70bcdd5c MISC:https://github.com/saleor/saleor/commit/47cedfd7d6524d79bdb04708edcdbb235874de6b URL:https://github.com/saleor/saleor/commit/47cedfd7d6524d79bdb04708edcdbb235874de6b MISC:https://github.com/saleor/saleor/commit/997f7ea4f576543ec88679a86bfe1b14f7f2ff26 URL:https://github.com/saleor/saleor/commit/997f7ea4f576543ec88679a86bfe1b14f7f2ff26 MISC:https://github.com/saleor/saleor/commit/b7cecda8b603f7472790150bb4508c7b655946d4 URL:https://github.com/saleor/saleor/commit/b7cecda8b603f7472790150bb4508c7b655946d4 MISC:https://github.com/saleor/saleor/commit/d8ba545c16ad3153febc5b5be8fd2ef75da9fc95 URL:https://github.com/saleor/saleor/commit/d8ba545c16ad3153febc5b5be8fd2ef75da9fc95 MISC:https://github.com/saleor/saleor/commit/dccc2c842b4e2e09470929c80f07dc137e439182 URL:https://github.com/saleor/saleor/commit/dccc2c842b4e2e09470929c80f07dc137e439182 MISC:https://github.com/saleor/saleor/commit/ef003c76a304c89ddb2dc65b7f1d5b3b2ba1c640 URL:https://github.com/saleor/saleor/commit/ef003c76a304c89ddb2dc65b7f1d5b3b2ba1c640 MISC:https://github.com/saleor/saleor/pull/15694 URL:https://github.com/saleor/saleor/pull/15694 MISC:https://github.com/saleor/saleor/pull/15697 URL:https://github.com/saleor/saleor/pull/15697 MISC:https://github.com/saleor/saleor/security/advisories/GHSA-mrj3-f2h4-7w45 URL:https://github.com/saleor/saleor/security/advisories/GHSA-mrj3-f2h4-7w45
Assigning CNA
GitHub (maintainer security advisories)
Date Record Created
20240321	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240321)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)

Site Map | Terms of Use | Privacy Policy | Contact Us | Follow CVE

Use of the CVE® List and the associated references from this website are subject to the terms of use. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999–2024, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation.