BIT-prestashop-2024-26129

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/prestashop/BIT-prestashop-2024-26129.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-prestashop-2024-26129

Aliases

CVE-2024-26129
GHSA-3366-9287-7qpr

Published

2024-03-31T18:26:56.335Z

Modified

2024-07-18T07:56:34.499Z

Summary

[none]

Details

PrestaShop is an open-source e-commerce platform. Starting in version 8.1.0 and prior to version 8.1.4, PrestaShop is vulnerable to path disclosure in a JavaScript variable. A patch is available in version 8.1.4.

References

https://github.com/PrestaShop/PrestaShop/commit/444bd0dea581659918fe2067541b9863cf099dd5
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-3366-9287-7qpr
https://owasp.org/www-community/attacks/Full_Path_Disclosure

Affected packages

Bitnami / prestashop

Package

Name: prestashop
Purl: pkg:bitnami/prestashop

Severity

5.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

8.1.0

Fixed

8.1.4