CVE-2024-29888

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-29888
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-29888.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-29888
Aliases
Published
2024-03-27T18:53:44.698Z
Modified
2026-01-10T06:16:41.084232Z
Severity
  • 4.2 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N CVSS Calculator
Summary
Saleor vulnerable to customers addresses leak when using Warehouse as a `Pickup: Local stock only` delivery method
Details

Saleor is an e-commerce platform that serves high-volume companies. When using Pickup: Local stock only click-and-collect as a delivery method in specific conditions the customer could overwrite the warehouse address with its own, which exposes its address as click-and-collect address. This issue has been patched in versions: 3.14.61, 3.15.37, 3.16.34, 3.17.32, 3.18.28, 3.19.15.

Database specific 
{
    "cwe_ids": [
        "CWE-359"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/29xxx/CVE-2024-29888.json"
}
References

Affected packages

Git / github.com/saleor/saleor

Affected ranges

Type
GIT
Repo
https://github.com/saleor/saleor
Events
Introduced
612693af6fbed23f6e72929a2a93e81a306326b2
Fixed
878a50aba3a335565ad7ef440aeade90380dc726
Database specific 
{
    "versions": [
        {
            "introduced": "3.14.56"
        },
        {
            "fixed": "3.14.61"
        }
    ]
}
Type
GIT
Repo
https://github.com/saleor/saleor
Events
Introduced
dd88f4c4cf8d457e3b1f56eebce590b8ed07f709
Fixed
8f0f6908f204c4e8929f3a2aa75274a9738b7e40
Database specific 
{
    "versions": [
        {
            "introduced": "3.15.31"
        },
        {
            "fixed": "3.15.37"
        }
    ]
}
Type
GIT
Repo
https://github.com/saleor/saleor
Events
Introduced
58ec424d6d3234c7927072a56387e2fd2f82954a
Fixed
caf4e77f1b118d01373fcdd01bb404b28e92045f
Database specific 
{
    "versions": [
        {
            "introduced": "3.16.27"
        },
        {
            "fixed": "3.16.34"
        }
    ]
}
Type
GIT
Repo
https://github.com/saleor/saleor
Events
Introduced
ec8421503cd12cbd51747337f1e4560785a07415
Fixed
b3b950229b3c88c720b5b7d187cb530b6afd5779
Database specific 
{
    "versions": [
        {
            "introduced": "3.17.25"
        },
        {
            "fixed": "3.17.32"
        }
    ]
}
Type
GIT
Repo
https://github.com/saleor/saleor
Events
Introduced
cb3c588d8c697eeaac97e50bf64c40d4ae5fc350
Fixed
7d28717e5b642d913cccf8d2ad7260642ad30a4d
Database specific 
{
    "versions": [
        {
            "introduced": "3.18.19"
        },
        {
            "fixed": "3.18.28"
        }
    ]
}
Type
GIT
Repo
https://github.com/saleor/saleor
Events
Introduced
30644b29a923bd60bd75e50a7ded7d8fcf20b043
Fixed
faee408b8dfc4ac5d64bfc1282a675af2b62985f
Database specific 
{
    "versions": [
        {
            "introduced": "3.19.5"
        },
        {
            "fixed": "3.19.15"
        }
    ]
}

Affected versions

3.*

3.14.56
3.14.57
3.14.58
3.14.59
3.14.60
3.15.31
3.15.32
3.15.33
3.15.34
3.15.35
3.15.36
3.16.27
3.16.28
3.16.29
3.16.30
3.16.31
3.16.32
3.16.33
3.17.25
3.17.26
3.17.27
3.17.28
3.17.29
3.17.30
3.17.31
3.18.19
3.18.20
3.18.21
3.18.22
3.18.23
3.18.24
3.18.25
3.18.26
3.18.27
3.19.10
3.19.11
3.19.12
3.19.13
3.19.14
3.19.5
3.19.6
3.19.7
3.19.8
3.19.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-29888.json"