CVE-2023-23941

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-23941
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-23941.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-23941
Aliases
Published
2023-02-03T21:15:11Z
Modified
2024-05-15T01:16:31.649562Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

SwagPayPal is a PayPal integration for shopware/platform. If JavaScript-based PayPal checkout methods are used (PayPal Plus, Smart Payment Buttons, SEPA, Pay Later, Venmo, Credit card), the amount and item list sent to PayPal may not be identical to the one in the created order. The problem has been fixed with version 5.4.4. As a workaround, disable the aforementioned payment methods or use the Security Plugin in version >= 1.0.21.

References

Affected packages

Git / github.com/shopware/swagpaypal

Affected ranges

Type
GIT
Repo
https://github.com/shopware/swagpaypal
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.10.0
0.10.1
0.11.0
0.11.1
0.13.0

1.*

1.0.0
1.1.0
1.1.1
1.10.0
1.2.0
1.3.0
1.4.0
1.5.0
1.5.1
1.5.2
1.6.0
1.7.0
1.7.1
1.7.2
1.7.3
1.8.0
1.8.1
1.8.2
1.8.3
1.9.0
1.9.1
1.9.2
1.9.3

2.*

2.0.0
2.0.1
2.0.2
2.1.0
2.1.1
2.1.2
2.2.0
2.2.1
2.2.2

3.*

3.0.0
3.0.1
3.0.2
3.0.3
3.1.0
3.2.0
3.2.1
3.3.0
3.3.1
3.3.1.1
3.4.0
3.5.0

4.*

4.0.0
4.1.0
4.1.1

5.*

5.0.0
5.0.1
5.0.2
5.0.3
5.0.4
5.1.0
5.1.1
5.1.2
5.2.0
5.3.0
5.3.1
5.3.2
5.4.0
5.4.1
5.4.2
5.4.3