Vulnerability Database

322,732

Total vulnerabilities in the database

CVE-2020-7964

An issue was discovered in Mirumee Saleor 2.x before 2.9.1. Incorrect access control in the checkoutCustomerAttach mutations allows attackers to attach their checkouts to any user ID and consequently leak user data (e.g., name, address, and previous orders of any other customer).

Published: Jan 24, 2020
Updated: Nov 9, 2025
CVE: CVE-2020-7964
GHSA: GHSA-rgcm-rpq9-9cgr
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-306

Affected Software
References

Software	From	Fixed in
mirumee / saleor	2.0.0	2.9.1
saleor	2.0.0	2.9.1

https://github.com/mirumee/saleor/commit/233b8890c60fa6d90daf99e4d90fea85867732c3
https://github.com/mirumee/saleor/releases/tag/2.9.1

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo