CVE-2023-48296

Опубликовано: 25 мар. 2024

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

OroPlatform is a PHP Business Application Platform (BAP). Navigation history, most viewed and favorite navigation items are returned to storefront user in JSON navigation response if ID of storefront user matches ID of back-office user. This vulnerability is fixed in 5.1.4.

Ссылки

https://github.com/oroinc/orocommerce/commit/41c526498012d44cd88852c63697f1ef53b61db8
Patch
https://github.com/oroinc/orocommerce/security/advisories/GHSA-v7px-46v9-5qwp
Vendor Advisory
https://github.com/oroinc/orocommerce/commit/41c526498012d44cd88852c63697f1ef53b61db8
Patch
https://github.com/oroinc/orocommerce/security/advisories/GHSA-v7px-46v9-5qwp
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:oroinc:oroplatform:*:*:*:*:*:*:*:*

Версия от 4.1.0 (включая) до 5.1.4 (исключая)

EPSS

Процентиль: 45%

0.00229

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-200

NVD-CWE-noinfo

Связанные уязвимости

GHSA-v7px-46v9-5qwp