CVE-2024-29888 - Vulnerability Details - OpenCVE

Saleor is an e-commerce platform that serves high-volume companies. When using `Pickup: Local stock only` click-and-collect as a delivery method in specific conditions the customer could overwrite the warehouse address with its own, which exposes its address as click-and-collect address. This issue has been patched in versions: `3.14.61`, `3.15.37`, `3.16.34`, `3.17.32`, `3.18.28`, `3.19.15`.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://github.com/saleor/saleor/commit/22a1aa3ef0bc54156405f69146788016a7f3f761
https://github.com/saleor/saleor/commit/39abb0f4e4fe6503f81bfbb871227e4f70bcdd5c
https://github.com/saleor/saleor/commit/47cedfd7d6524d79bdb04708edcdbb235874de6b
https://github.com/saleor/saleor/commit/997f7ea4f576543ec88679a86bfe1b14f7f2ff26
https://github.com/saleor/saleor/commit/b7cecda8b603f7472790150bb4508c7b655946d4
https://github.com/saleor/saleor/commit/d8ba545c16ad3153febc5b5be8fd2ef75da9fc95
https://github.com/saleor/saleor/commit/dccc2c842b4e2e09470929c80f07dc137e439182
https://github.com/saleor/saleor/commit/ef003c76a304c89ddb2dc65b7f1d5b3b2ba1c640
https://github.com/saleor/saleor/pull/15694
https://github.com/saleor/saleor/pull/15697
https://github.com/saleor/saleor/security/advisories/GHSA-mrj3-f2h4-7w45

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-03-27T18:53:44.698Z

Updated: 2024-08-02T01:17:58.440Z

Reserved: 2024-03-21T15:12:08.997Z

Link: CVE-2024-29888

Vulnrichment

Updated: 2024-08-02T01:17:58.440Z

NVD

Status : Awaiting Analysis

Published: 2024-03-27T19:15:49.410

Modified: 2024-11-21T09:08:33.193

Link: CVE-2024-29888

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-29888", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-03-21T15:12:08.997Z", "datePublished": "2024-03-27T18:53:44.698Z", "dateUpdated": "2024-08-02T01:17:58.440Z"}, "containers": {"cna": {"title": "Saleor vulnerable to customers addresses leak when using Warehouse as a `Pickup: Local stock only` delivery method", "problemTypes": [{"descriptions": [{"cweId": "CWE-359", "lang": "en", "description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/saleor/saleor/security/advisories/GHSA-mrj3-f2h4-7w45", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/saleor/saleor/security/advisories/GHSA-mrj3-f2h4-7w45"}, {"name": "https://github.com/saleor/saleor/pull/15694", "tags": ["x_refsource_MISC"], "url": "https://github.com/saleor/saleor/pull/15694"}, {"name": "https://github.com/saleor/saleor/pull/15697", "tags": ["x_refsource_MISC"], "url": "https://github.com/saleor/saleor/pull/15697"}, {"name": "https://github.com/saleor/saleor/commit/22a1aa3ef0bc54156405f69146788016a7f3f761", "tags": ["x_refsource_MISC"], "url": "https://github.com/saleor/saleor/commit/22a1aa3ef0bc54156405f69146788016a7f3f761"}, {"name": "https://github.com/saleor/saleor/commit/39abb0f4e4fe6503f81bfbb871227e4f70bcdd5c", "tags": ["x_refsource_MISC"], "url": "https://github.com/saleor/saleor/commit/39abb0f4e4fe6503f81bfbb871227e4f70bcdd5c"}, {"name": "https://github.com/saleor/saleor/commit/47cedfd7d6524d79bdb04708edcdbb235874de6b", "tags": ["x_refsource_MISC"], "url": "https://github.com/saleor/saleor/commit/47cedfd7d6524d79bdb04708edcdbb235874de6b"}, {"name": "https://github.com/saleor/saleor/commit/997f7ea4f576543ec88679a86bfe1b14f7f2ff26", "tags": ["x_refsource_MISC"], "url": "https://github.com/saleor/saleor/commit/997f7ea4f576543ec88679a86bfe1b14f7f2ff26"}, {"name": "https://github.com/saleor/saleor/commit/b7cecda8b603f7472790150bb4508c7b655946d4", "tags": ["x_refsource_MISC"], "url": "https://github.com/saleor/saleor/commit/b7cecda8b603f7472790150bb4508c7b655946d4"}, {"name": "https://github.com/saleor/saleor/commit/d8ba545c16ad3153febc5b5be8fd2ef75da9fc95", "tags": ["x_refsource_MISC"], "url": "https://github.com/saleor/saleor/commit/d8ba545c16ad3153febc5b5be8fd2ef75da9fc95"}, {"name": "https://github.com/saleor/saleor/commit/dccc2c842b4e2e09470929c80f07dc137e439182", "tags": ["x_refsource_MISC"], "url": "https://github.com/saleor/saleor/commit/dccc2c842b4e2e09470929c80f07dc137e439182"}, {"name": "https://github.com/saleor/saleor/commit/ef003c76a304c89ddb2dc65b7f1d5b3b2ba1c640", "tags": ["x_refsource_MISC"], "url": "https://github.com/saleor/saleor/commit/ef003c76a304c89ddb2dc65b7f1d5b3b2ba1c640"}], "affected": [{"vendor": "saleor", "product": "saleor", "versions": [{"version": ">= 3.14.56, < 3.14.61", "status": "affected"}, {"version": ">= 3.15.31, < 3.15.37", "status": "affected"}, {"version": ">= 3.16.27, < 3.16.34", "status": "affected"}, {"version": ">= 3.17.25, < 3.17.32", "status": "affected"}, {"version": ">= 3.18.19, < 3.18.28", "status": "affected"}, {"version": ">= 3.19.5, < 3.19.15", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-27T18:53:44.698Z"}, "descriptions": [{"lang": "en", "value": "Saleor is an e-commerce platform that serves high-volume companies. When using `Pickup: Local stock only` click-and-collect as a delivery method in specific conditions the customer could overwrite the warehouse address with its own, which exposes its address as click-and-collect address. This issue has been patched in versions: `3.14.61`, `3.15.37`, `3.16.34`, `3.17.32`, `3.18.28`, `3.19.15`."}], "source": {"advisory": "GHSA-mrj3-f2h4-7w45", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-29888", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-27T19:54:53.329148Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T17:21:18.651Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:17:58.440Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/saleor/saleor/security/advisories/GHSA-mrj3-f2h4-7w45", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/saleor/saleor/security/advisories/GHSA-mrj3-f2h4-7w45"}, {"name": "https://github.com/saleor/saleor/pull/15694", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/saleor/saleor/pull/15694"}, {"name": "https://github.com/saleor/saleor/pull/15697", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/saleor/saleor/pull/15697"}, {"name": "https://github.com/saleor/saleor/commit/22a1aa3ef0bc54156405f69146788016a7f3f761", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/saleor/saleor/commit/22a1aa3ef0bc54156405f69146788016a7f3f761"}, {"name": "https://github.com/saleor/saleor/commit/39abb0f4e4fe6503f81bfbb871227e4f70bcdd5c", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/saleor/saleor/commit/39abb0f4e4fe6503f81bfbb871227e4f70bcdd5c"}, {"name": "https://github.com/saleor/saleor/commit/47cedfd7d6524d79bdb04708edcdbb235874de6b", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/saleor/saleor/commit/47cedfd7d6524d79bdb04708edcdbb235874de6b"}, {"name": "https://github.com/saleor/saleor/commit/997f7ea4f576543ec88679a86bfe1b14f7f2ff26", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/saleor/saleor/commit/997f7ea4f576543ec88679a86bfe1b14f7f2ff26"}, {"name": "https://github.com/saleor/saleor/commit/b7cecda8b603f7472790150bb4508c7b655946d4", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/saleor/saleor/commit/b7cecda8b603f7472790150bb4508c7b655946d4"}, {"name": "https://github.com/saleor/saleor/commit/d8ba545c16ad3153febc5b5be8fd2ef75da9fc95", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/saleor/saleor/commit/d8ba545c16ad3153febc5b5be8fd2ef75da9fc95"}, {"name": "https://github.com/saleor/saleor/commit/dccc2c842b4e2e09470929c80f07dc137e439182", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/saleor/saleor/commit/dccc2c842b4e2e09470929c80f07dc137e439182"}, {"name": "https://github.com/saleor/saleor/commit/ef003c76a304c89ddb2dc65b7f1d5b3b2ba1c640", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/saleor/saleor/commit/ef003c76a304c89ddb2dc65b7f1d5b3b2ba1c640"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/saleor/saleor/security/advisories/GHSA-mrj3-f2h4-7w45", "name": "https://github.com/saleor/saleor/security/advisories/GHSA-mrj3-f2h4-7w45", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/saleor/saleor/pull/15694", "name": "https://github.com/saleor/saleor/pull/15694", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/saleor/saleor/pull/15697", "name": "https://github.com/saleor/saleor/pull/15697", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/saleor/saleor/commit/22a1aa3ef0bc54156405f69146788016a7f3f761", "name": "https://github.com/saleor/saleor/commit/22a1aa3ef0bc54156405f69146788016a7f3f761", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/saleor/saleor/commit/39abb0f4e4fe6503f81bfbb871227e4f70bcdd5c", "name": "https://github.com/saleor/saleor/commit/39abb0f4e4fe6503f81bfbb871227e4f70bcdd5c", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/saleor/saleor/commit/47cedfd7d6524d79bdb04708edcdbb235874de6b", "name": "https://github.com/saleor/saleor/commit/47cedfd7d6524d79bdb04708edcdbb235874de6b", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/saleor/saleor/commit/997f7ea4f576543ec88679a86bfe1b14f7f2ff26", "name": "https://github.com/saleor/saleor/commit/997f7ea4f576543ec88679a86bfe1b14f7f2ff26", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/saleor/saleor/commit/b7cecda8b603f7472790150bb4508c7b655946d4", "name": "https://github.com/saleor/saleor/commit/b7cecda8b603f7472790150bb4508c7b655946d4", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/saleor/saleor/commit/d8ba545c16ad3153febc5b5be8fd2ef75da9fc95", "name": "https://github.com/saleor/saleor/commit/d8ba545c16ad3153febc5b5be8fd2ef75da9fc95", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/saleor/saleor/commit/dccc2c842b4e2e09470929c80f07dc137e439182", "name": "https://github.com/saleor/saleor/commit/dccc2c842b4e2e09470929c80f07dc137e439182", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/saleor/saleor/commit/ef003c76a304c89ddb2dc65b7f1d5b3b2ba1c640", "name": "https://github.com/saleor/saleor/commit/ef003c76a304c89ddb2dc65b7f1d5b3b2ba1c640", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:17:58.440Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-29888", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-27T19:54:53.329148Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T15:20:38.372Z"}}], "cna": {"title": "Saleor vulnerable to customers addresses leak when using Warehouse as a `Pickup: Local stock only` delivery method", "source": {"advisory": "GHSA-mrj3-f2h4-7w45", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.2, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "saleor", "product": "saleor", "versions": [{"status": "affected", "version": ">= 3.14.56, < 3.14.61"}, {"status": "affected", "version": ">= 3.15.31, < 3.15.37"}, {"status": "affected", "version": ">= 3.16.27, < 3.16.34"}, {"status": "affected", "version": ">= 3.17.25, < 3.17.32"}, {"status": "affected", "version": ">= 3.18.19, < 3.18.28"}, {"status": "affected", "version": ">= 3.19.5, < 3.19.15"}]}], "references": [{"url": "https://github.com/saleor/saleor/security/advisories/GHSA-mrj3-f2h4-7w45", "name": "https://github.com/saleor/saleor/security/advisories/GHSA-mrj3-f2h4-7w45", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/saleor/saleor/pull/15694", "name": "https://github.com/saleor/saleor/pull/15694", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/saleor/saleor/pull/15697", "name": "https://github.com/saleor/saleor/pull/15697", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/saleor/saleor/commit/22a1aa3ef0bc54156405f69146788016a7f3f761", "name": "https://github.com/saleor/saleor/commit/22a1aa3ef0bc54156405f69146788016a7f3f761", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/saleor/saleor/commit/39abb0f4e4fe6503f81bfbb871227e4f70bcdd5c", "name": "https://github.com/saleor/saleor/commit/39abb0f4e4fe6503f81bfbb871227e4f70bcdd5c", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/saleor/saleor/commit/47cedfd7d6524d79bdb04708edcdbb235874de6b", "name": "https://github.com/saleor/saleor/commit/47cedfd7d6524d79bdb04708edcdbb235874de6b", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/saleor/saleor/commit/997f7ea4f576543ec88679a86bfe1b14f7f2ff26", "name": "https://github.com/saleor/saleor/commit/997f7ea4f576543ec88679a86bfe1b14f7f2ff26", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/saleor/saleor/commit/b7cecda8b603f7472790150bb4508c7b655946d4", "name": "https://github.com/saleor/saleor/commit/b7cecda8b603f7472790150bb4508c7b655946d4", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/saleor/saleor/commit/d8ba545c16ad3153febc5b5be8fd2ef75da9fc95", "name": "https://github.com/saleor/saleor/commit/d8ba545c16ad3153febc5b5be8fd2ef75da9fc95", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/saleor/saleor/commit/dccc2c842b4e2e09470929c80f07dc137e439182", "name": "https://github.com/saleor/saleor/commit/dccc2c842b4e2e09470929c80f07dc137e439182", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/saleor/saleor/commit/ef003c76a304c89ddb2dc65b7f1d5b3b2ba1c640", "name": "https://github.com/saleor/saleor/commit/ef003c76a304c89ddb2dc65b7f1d5b3b2ba1c640", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Saleor is an e-commerce platform that serves high-volume companies. When using `Pickup: Local stock only` click-and-collect as a delivery method in specific conditions the customer could overwrite the warehouse address with its own, which exposes its address as click-and-collect address. This issue has been patched in versions: `3.14.61`, `3.15.37`, `3.16.34`, `3.17.32`, `3.18.28`, `3.19.15`."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-359", "description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-27T18:53:44.698Z"}}}, "cveMetadata": {"cveId": "CVE-2024-29888", "state": "PUBLISHED", "dateUpdated": "2024-08-02T01:17:58.440Z", "dateReserved": "2024-03-21T15:12:08.997Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-03-27T18:53:44.698Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "Saleor is an e-commerce platform that serves high-volume companies. When using `Pickup: Local stock only` click-and-collect as a delivery method in specific conditions the customer could overwrite the warehouse address with its own, which exposes its address as click-and-collect address. This issue has been patched in versions: `3.14.61`, `3.15.37`, `3.16.34`, `3.17.32`, `3.18.28`, `3.19.15`."}, {"lang": "es", "value": "Saleor es una plataforma de comercio electr\u00f3nico que presta servicios a empresas de gran volumen. Cuando se utiliza \"Pickup: Local stock only\", hacer clic y recoger como m\u00e9todo de entrega en condiciones espec\u00edficas, el cliente podr\u00eda sobrescribir la direcci\u00f3n del almac\u00e9n con la suya propia, lo que expone su direcci\u00f3n como direcci\u00f3n de hacer clic y recoger. Este problema se ha solucionado en las versiones: `3.14.61`, `3.15.37`, `3.16.34`, `3.17.32`, `3.18.28`, `3.19.15`."}], "id": "CVE-2024-29888", "lastModified": "2024-11-21T09:08:33.193", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 2.5, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-03-27T19:15:49.410", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/saleor/saleor/commit/22a1aa3ef0bc54156405f69146788016a7f3f761"}, {"source": "security-advisories@github.com", "url": "https://github.com/saleor/saleor/commit/39abb0f4e4fe6503f81bfbb871227e4f70bcdd5c"}, {"source": "security-advisories@github.com", "url": "https://github.com/saleor/saleor/commit/47cedfd7d6524d79bdb04708edcdbb235874de6b"}, {"source": "security-advisories@github.com", "url": "https://github.com/saleor/saleor/commit/997f7ea4f576543ec88679a86bfe1b14f7f2ff26"}, {"source": "security-advisories@github.com", "url": "https://github.com/saleor/saleor/commit/b7cecda8b603f7472790150bb4508c7b655946d4"}, {"source": "security-advisories@github.com", "url": "https://github.com/saleor/saleor/commit/d8ba545c16ad3153febc5b5be8fd2ef75da9fc95"}, {"source": "security-advisories@github.com", "url": "https://github.com/saleor/saleor/commit/dccc2c842b4e2e09470929c80f07dc137e439182"}, {"source": "security-advisories@github.com", "url": "https://github.com/saleor/saleor/commit/ef003c76a304c89ddb2dc65b7f1d5b3b2ba1c640"}, {"source": "security-advisories@github.com", "url": "https://github.com/saleor/saleor/pull/15694"}, {"source": "security-advisories@github.com", "url": "https://github.com/saleor/saleor/pull/15697"}, {"source": "security-advisories@github.com", "url": "https://github.com/saleor/saleor/security/advisories/GHSA-mrj3-f2h4-7w45"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/saleor/saleor/commit/22a1aa3ef0bc54156405f69146788016a7f3f761"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/saleor/saleor/commit/39abb0f4e4fe6503f81bfbb871227e4f70bcdd5c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/saleor/saleor/commit/47cedfd7d6524d79bdb04708edcdbb235874de6b"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/saleor/saleor/commit/997f7ea4f576543ec88679a86bfe1b14f7f2ff26"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/saleor/saleor/commit/b7cecda8b603f7472790150bb4508c7b655946d4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/saleor/saleor/commit/d8ba545c16ad3153febc5b5be8fd2ef75da9fc95"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/saleor/saleor/commit/dccc2c842b4e2e09470929c80f07dc137e439182"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/saleor/saleor/commit/ef003c76a304c89ddb2dc65b7f1d5b3b2ba1c640"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/saleor/saleor/pull/15694"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/saleor/saleor/pull/15697"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/saleor/saleor/security/advisories/GHSA-mrj3-f2h4-7w45"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-359"}], "source": "security-advisories@github.com", "type": "Secondary"}]}