npm package
@shopify/koa-shopify-auth
pkg:npm/%40shopify/koa-shopify-auth
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-8176 | — | >= 3.1.61, < 3.1.63 | 3.1.63 | Jul 2, 2020 | A cross-site scripting vulnerability exists in koa-shopify-auth v3.1.61-v3.1.62 that allows an attacker to inject JS payloads into the `shop` parameter on the `/shopify/auth/enable_cookies` endpoint. |
- CVE-2020-8176Jul 2, 2020affected >= 3.1.61, < 3.1.63fixed 3.1.63
A cross-site scripting vulnerability exists in koa-shopify-auth v3.1.61-v3.1.62 that allows an attacker to inject JS payloads into the `shop` parameter on the `/shopify/auth/enable_cookies` endpoint.