DRUPAL-CONTRIB-2024-021

Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/commerce_view_receipt/DRUPAL-CONTRIB-2024-021.json
JSON Data
https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2024-021
Aliases
  • CVE-2024-13257
Published
2024-05-22T16:21:55Z
Modified
2025-12-10T23:41:26.635260Z
Summary
[none]
Details

The Commerce View Receipts module enables you to view commerce order receipts in the browser.

The module doesn't sufficiently check access permissions, allowing an unauthorised user to view the private information of other customers.

References
Credits

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/commerce_view_receipt

Package

Name
drupal/commerce_view_receipt
Purl
pkg:composer/drupal/commerce_view_receipt

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.0.3
Database specific
{
    "constraint": "<1.0.3"
}

Database specific

affected_versions
"<1.0.3"
source
"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/commerce_view_receipt/DRUPAL-CONTRIB-2024-021.json"