Vulnerability Database

322,732

Total vulnerabilities in the database

CVE-2024-29888

Saleor is an e-commerce platform that serves high-volume companies. When using Pickup: Local stock only click-and-collect as a delivery method in specific conditions the customer could overwrite the warehouse address with its own, which exposes its address as click-and-collect address. This issue has been patched in versions: 3.14.61, 3.15.37, 3.16.34, 3.17.32, 3.18.28, 3.19.15.

CVSS v3:

  • Severity: Unknown
  • Score:
  • AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
Python icon saleor 3.14.56 3.14.61
Python icon saleor 3.15.31 3.15.37
Python icon saleor 3.16.27 3.16.34
Python icon saleor 3.17.25 3.17.32
Python icon saleor 3.18.19 3.18.28
Python icon saleor 3.19.5 3.19.15
saleor / saleor 3.14.56 3.14.61
saleor / saleor 3.15.31 3.15.37
saleor / saleor 3.16.27 3.16.34
saleor / saleor 3.17.25 3.17.32
saleor / saleor 3.18.19 3.18.28
saleor / saleor 3.19.5 3.19.15