CVE-2024-29888
27.03.2024, 19:15
Saleor is an e-commerce platform that serves high-volume companies. When using `Pickup: Local stock only` click-and-collect as a delivery method in specific conditions the customer could overwrite the warehouse address with its own, which exposes its address as click-and-collect address. This issue has been patched in versions: `3.14.61`, `3.15.37`, `3.16.34`, `3.17.32`, `3.18.28`, `3.19.15`.Enginsight
| Vendor | Product | Version |
|---|---|---|
| saleor | saleor | 3.14.56 ≤ 𝑥 < 3.14.61 |
| saleor | saleor | 3.15.31 ≤ 𝑥 < 3.15.37 |
| saleor | saleor | 3.16.27 ≤ 𝑥 < 3.16.34 |
| saleor | saleor | 3.17.25 ≤ 𝑥 < 3.17.32 |
| saleor | saleor | 3.18.19 ≤ 𝑥 < 3.18.28 |
| saleor | saleor | 3.19.5 ≤ 𝑥 < 3.19.15 |
𝑥
= Vulnerable software versions
References