GHSA-pwrf-q7h8-jjr7

Suggest an improvement
Source
https://github.com/advisories/GHSA-pwrf-q7h8-jjr7
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/11/GHSA-pwrf-q7h8-jjr7/GHSA-pwrf-q7h8-jjr7.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-pwrf-q7h8-jjr7
Aliases
Published
2019-11-08T20:06:24Z
Modified
2023-11-08T04:01:17.799658Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Authorization Bypass Through User-Controlled Key in Bagisto
Details

In Webkul Bagisto before 0.1.5, the functionalities for customers to change their own values (such as address, review, orders, etc.) can also be manipulated by other customers.

Database specific 
{
    "github_reviewed": true,
    "github_reviewed_at": "2019-09-25T12:47:46Z",
    "nvd_published_at": "2019-09-18T12:15:00Z",
    "severity": "MODERATE",
    "cwe_ids": [
        "CWE-639"
    ]
}
References

Affected packages

Packagist / bagisto/bagisto

Package

Name
bagisto/bagisto
Purl
pkg:composer/bagisto/bagisto

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.1.5

Affected versions

v0.*

v0.1.0
v0.1.1
v0.1.2
v0.1.3
v0.1.4-BETA1
v0.1.4-BETA2
v0.1.4-BETA3
v0.1.4-BETA4
v0.1.4