VYPR
Critical severityNVD Advisory· Published Apr 16, 2020· Updated Aug 4, 2024

Negative charge in shopping cart possible in Shopizer

CVE-2020-11007

Description

In Shopizer before version 2.11.0, using API or Controller based versions negative quantity is not adequately validated hence creating incorrect shopping cart and order total. This vulnerability makes it possible to create a negative total in the shopping cart. This has been patched in version 2.11.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
com.shopizer:sm-core-modelMaven
< 2.11.02.11.0

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.