Lozcalver

**Name of the Vulnerable Software and Affected Versions** silverstripe-omnipay versions prior to 2.5.2 silverstripe-omnipay versions prior to 3.0.2 silverstripe-omnipay versions prior to 3.1.4 silverstripe-omnipay versions prior to 3.2.1 **Description** For a subset of Omnipay gateways, if the payment identifier or success URL is exposed, it is possible for payments to be prematurely marked as completed without payment being taken. This issue is mitigated by the fact that most payment gateways hide this information from users. However, some issuing banks offer flawed 3DSecure implementations that may inadvertently expose this data. **Recommendations** For versions prior to 2.5.2, update to version 2.5.2 or later. For versions prior to 3.0.2, update to version 3.0.2 or later. For versions prior to 3.1.4, update to version 3.1.4 or later. For versions prior to 3.2.1, update to version 3.2.1 or later.