CVE-2024-29888
See a problem?- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-29888
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-29888.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-29888
- Aliases
- Published
- 2024-03-27T19:15:49Z
- Modified
- 2024-10-08T04:10:34.296728Z
- Summary
- [none]
- Details
-
Saleor is an e-commerce platform that serves high-volume companies. When using
Pickup: Local stock onlyclick-and-collect as a delivery method in specific conditions the customer could overwrite the warehouse address with its own, which exposes its address as click-and-collect address. This issue has been patched in versions:3.14.61,3.15.37,3.16.34,3.17.32,3.18.28,3.19.15. - References
-
- https://github.com/saleor/saleor/security/advisories/GHSA-mrj3-f2h4-7w45
- https://github.com/saleor/saleor/commit/22a1aa3ef0bc54156405f69146788016a7f3f761
- https://github.com/saleor/saleor/commit/39abb0f4e4fe6503f81bfbb871227e4f70bcdd5c
- https://github.com/saleor/saleor/commit/47cedfd7d6524d79bdb04708edcdbb235874de6b
- https://github.com/saleor/saleor/commit/997f7ea4f576543ec88679a86bfe1b14f7f2ff26
- https://github.com/saleor/saleor/commit/b7cecda8b603f7472790150bb4508c7b655946d4
- https://github.com/saleor/saleor/commit/d8ba545c16ad3153febc5b5be8fd2ef75da9fc95
- https://github.com/saleor/saleor/commit/dccc2c842b4e2e09470929c80f07dc137e439182
- https://github.com/saleor/saleor/commit/ef003c76a304c89ddb2dc65b7f1d5b3b2ba1c640
- https://github.com/saleor/saleor/pull/15694
- https://github.com/saleor/saleor/pull/15697
Affected packages
Git / github.com/saleor/saleor
Affected ranges
- Type
- GIT
- Repo
- https://github.com/saleor/saleor
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixedFixedFixedFixedFixedFixedFixed
Affected versions
2.*
2.0.0
2.1.0
2.10.0
2.10.0-rc.1
2.10.0-rc.2
2.2.0
2.3.0
2.4.0
2.5.0
2.6.0
2.7.0
2.8.0
2.9.0
3.*
3.0.0-a.0
3.11.0-a.0
3.12.0-a.0
3.13.0-a.0
3.14.0
3.14.0-a.0
3.14.0-a.1
3.14.1
3.14.10
3.14.11
3.14.12
3.14.13
3.14.14
3.14.15
3.14.16
3.14.17
3.14.18
3.14.19
3.14.2
3.14.20
3.14.21
3.14.22
3.14.23
3.14.24
3.14.25
3.14.26
3.14.27
3.14.28
3.14.29
3.14.3
3.14.30
3.14.31
3.14.32
3.14.33
3.14.34
3.14.35
3.14.36
3.14.37
3.14.38
3.14.39
3.14.4
3.14.40
3.14.41
3.14.42
3.14.43
3.14.44
3.14.45
3.14.46
3.14.47
3.14.48
3.14.49
3.14.50
3.14.51
3.14.52
3.14.53
3.14.54
3.14.55
3.14.6
3.14.7
3.14.8
3.14.9
3.15.0
3.15.0-a.0
3.15.0-a.1
3.15.1
3.15.10
3.15.11
3.15.12
3.15.13
3.15.14
3.15.15
3.15.16
3.15.17
3.15.18
3.15.19
3.15.2
3.15.20
3.15.21
3.15.22
3.15.23
3.15.24
3.15.25
3.15.26
3.15.27
3.15.28
3.15.29
3.15.3
3.15.30
3.15.4
3.15.5
3.15.6
3.15.7
3.15.8
3.15.9
3.16.0
3.16.0-a.0
3.16.0-a.1
3.16.1
3.16.10
3.16.11
3.16.12
3.16.13
3.16.14
3.16.15
3.16.16
3.16.17
3.16.18
3.16.19
3.16.2
3.16.20
3.16.21
3.16.22
3.16.23
3.16.24
3.16.25
3.16.26
3.16.3
3.16.4
3.16.5
3.16.6
3.16.7
3.16.8
3.16.9
3.17.0
3.17.0-a.0
3.17.1
3.17.10
3.17.11
3.17.12
3.17.13
3.17.14
3.17.15
3.17.16
3.17.17
3.17.18
3.17.19
3.17.2
3.17.20
3.17.21
3.17.22
3.17.23
3.17.24
3.17.3
3.17.4
3.17.5
3.17.6
3.17.7
3.17.8
3.17.9
3.18.0
3.18.0-a.0
3.18.0-a.1
3.18.1
3.18.10
3.18.11
3.18.12
3.18.13
3.18.14
3.18.15
3.18.16
3.18.17
3.18.18
3.18.2
3.18.3
3.18.4
3.18.5
3.18.6
3.18.7
3.18.8
3.18.9
3.19.0
3.19.0-a.0
3.19.1
3.19.2
3.19.3
3.19.4
3.2.0
v2016.*
v2016.07.0
v2017.*
v2017.02.0
v2017.02.1
v2017.03.0
v2017.03.1
v2017.03.2
v2017.03.3
v2017.03.4
v2017.07.0
v2017.09
v2017.10
v2017.11
v2017.12
v2017.12.1
v2018.*
v2018.01
v2018.02
v2018.03
v2018.04
v2018.05
v2018.06
v2018.08
v2018.09