Moderate severityNVD Advisory· Published Jul 2, 2020· Updated Aug 4, 2024
CVE-2020-8176
CVE-2020-8176
Description
A cross-site scripting vulnerability exists in koa-shopify-auth v3.1.61-v3.1.62 that allows an attacker to inject JS payloads into the shop parameter on the /shopify/auth/enable_cookies endpoint.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
@shopify/koa-shopify-authnpm | >= 3.1.61, < 3.1.63 | 3.1.63 |
Affected products
2- koa-shopify-auth/koa-shopify-authdescription
Patches
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- github.com/advisories/GHSA-jqh7-w5pr-cr56ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-8176ghsaADVISORY
- github.com/Shopify/quilt/pull/1455ghsax_refsource_MISCWEB
- hackerone.com/reports/881409ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.