Описание
OroCommerce get-totals-for-checkout API endpoint returns unwanted data
Detailed Checkout totals information may be received by Checkout ID
Пакеты
Наименование
oro/commerce
composer
Затронутые версииВерсия исправления
>= 4.2.0, <= 4.2.10
Отсутствует
Наименование
oro/commerce
composer
Затронутые версииВерсия исправления
>= 5.0.0, < 5.0.11
5.0.11
Наименование
oro/commerce
composer
Затронутые версииВерсия исправления
>= 5.1.0, < 5.1.1
5.1.1
Связанные уязвимости
CVSS3: 5.8
nvd
около 2 лет назад
OroCommerce is an open-source Business to Business Commerce application built with flexibility in mind. Detailed Order totals information may be received by Order ID. This issue is patched in version 5.0.11 and 5.1.1.