VYPR
Moderate severityNVD Advisory· Published Mar 27, 2024· Updated Aug 2, 2024

Saleor vulnerable to customers addresses leak when using Warehouse as a `Pickup: Local stock only` delivery method

CVE-2024-29888

Description

Saleor is an e-commerce platform that serves high-volume companies. When using Pickup: Local stock only click-and-collect as a delivery method in specific conditions the customer could overwrite the warehouse address with its own, which exposes its address as click-and-collect address. This issue has been patched in versions: 3.14.61, 3.15.37, 3.16.34, 3.17.32, 3.18.28, 3.19.15.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
saleorPyPI
>= 3.14.56, < 3.14.613.14.61
saleorPyPI
>= 3.15.31, < 3.15.373.15.37
saleorPyPI
>= 3.16.27, < 3.16.343.16.34
saleorPyPI
>= 3.17.25, < 3.17.323.17.32
saleorPyPI
>= 3.18.19, < 3.18.283.18.28
saleorPyPI
>= 3.19.5, < 3.19.153.19.15

Affected products

2

Patches

Vulnerability mechanics

References

19

News mentions

0

No linked articles in our index yet.