CVE-2024-26129

Опубликовано: 19 фев. 2024

Источник: nvd

CVSS3: 5.8

CVSS3: 5.3

EPSS Низкий

Описание

PrestaShop is an open-source e-commerce platform. Starting in version 8.1.0 and prior to version 8.1.4, PrestaShop is vulnerable to path disclosure in a JavaScript variable. A patch is available in version 8.1.4.

Ссылки

https://github.com/PrestaShop/PrestaShop/commit/444bd0dea581659918fe2067541b9863cf099dd5
Patch
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-3366-9287-7qpr
Vendor Advisory
https://owasp.org/www-community/attacks/Full_Path_Disclosure
Not Applicable
https://github.com/PrestaShop/PrestaShop/commit/444bd0dea581659918fe2067541b9863cf099dd5
Patch
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-3366-9287-7qpr
Vendor Advisory
https://owasp.org/www-community/attacks/Full_Path_Disclosure
Not Applicable

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*

Версия от 8.1.0 (включая) до 8.1.4 (исключая)

EPSS

Процентиль: 60%

0.00392

Низкий

5.8 Medium

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-3366-9287-7qpr

CVSS3: 5.8

github

почти 2 года назад

Path disclosure in JavaScript variable

EPSS

Процентиль: 60%

0.00392

Низкий

5.8 Medium

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-22