CVE-2020-7964

Name of the Vulnerable Software and Affected Versions Mirumee Saleor versions prior to 2.9.1

Description The issue is related to incorrect access control in the checkoutCustomerAttach mutations, allowing attackers to attach their checkouts to any user id and leak user data, such as name, address, and previous orders of other customers.

Recommendations For versions prior to 2.9.1, update to version 2.9.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the checkoutCustomerAttach mutations to prevent unauthorized attachment of checkouts to other user IDs.