CVE-2023-46942
Lack of authentication in NPM's package @evershop/evershop before version 1.0.0-rc.8, allows remote attackers to obtain sensitive information via improper authorization in GraphQL endpoints.
| Software | From | Fixed in |
|---|---|---|
@evershop / evershop
|
- | 1.0.0-rc.9 |
| evershop / evershop | 1.0.0-beta2 | 1.0.0-beta2.x |
| evershop / evershop | 1.0.0-beta1 | 1.0.0-beta1.x |
| evershop / evershop | 1.0.0-beta | 1.0.0-beta.x |
| evershop / evershop | 1.0.0-rc3 | 1.0.0-rc3.x |
| evershop / evershop | 1.0.0-rc1 | 1.0.0-rc1.x |
| evershop / evershop | 1.0.0-rc2 | 1.0.0-rc2.x |
| evershop / evershop | 1.0.0-beta3 | 1.0.0-beta3.x |
| evershop / evershop | 1.0.0-beta4 | 1.0.0-beta4.x |
| evershop / evershop | 1.0.0-beta5 | 1.0.0-beta5.x |
| evershop / evershop | 1.0.0-rc5 | 1.0.0-rc5.x |
| evershop / evershop | 1.0.0-rc6 | 1.0.0-rc6.x |
| evershop / evershop | 1.0.0-rc7 | 1.0.0-rc7.x |
- https://advisory.checkmarx.net/advisory/CVE-2023-46942
- https://devhub.checkmarx.com/cve-details/CVE-2023-46942
- https://devhub.checkmarx.com/cve-details/CVE-2023-46942/
- https://devhub.checkmarx.com/cve-details/Cx00cea2d5-d2c5
- https://devhub.checkmarx.com/cve-details/Cx00cea2d5-d2c5/
- https://github.com/evershopcommerce/evershop/commit/6e16f046e0b95efa16431a5ea41c22215273e9dd
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime