PyPi: Saleor

CVE-2024-29888

Safety vulnerability ID: 71943

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Mar 27, 2024 Updated at Nov 29, 2024

Scan your Python projects for vulnerabilities →

Advisory

Saleor is an e-commerce platform that serves high-volume companies. When using `Pickup: Local stock only` click-and-collect as a delivery method in specific conditions the customer could overwrite the warehouse address with its own, which exposes its address as click-and-collect address.

Affected package

saleor

Latest version: 2.10.1

A modular, high performance e-commerce storefront built with GraphQL, Django, and ReactJS.

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

https://github.com/advisories/GHSA-mrj3-f2h4-7w45
https://github.com/saleor/saleor/pull/15697
https://github.com/saleor/saleor/pull/15694
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29888

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application