PT-2019-13441 · Mirumee · Mirumee Saleor

Published

2019-07-14

Updated

2022-05-24

CVE-2019-13594

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Mirumee Saleor versions prior to 2.8.0

Description The issue concerns the accidental disabling of CSRF protection middleware, allowing attackers to send a POST request without a valid CSRF token. This enables the server to accept such requests.

Recommendations For versions prior to 2.8.0, update to version 2.8.0 or later to resolve the issue.

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2019-13594

GHSA-FGJH-X3F8-8GMH

Affected Products

Mirumee Saleor

PT-2019-13441 · Mirumee · Mirumee Saleor

CVE-2019-13594

Weakness Enumeration

Related Identifiers

Affected Products

References · 6