CVE-2023-46498

Name of the Vulnerable Software and Affected Versions EverShop NPM versions prior to 1.0.0-rc.8

Description An issue in EverShop NPM allows a remote attacker to obtain sensitive information and execute arbitrary code via the "/deleteCustomer/route.json" API endpoint. The deleteCustomer route is vulnerable, potentially allowing attackers to manipulate customer data.

Recommendations For versions prior to 1.0.0-rc.8, update to version 1.0.0-rc.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/deleteCustomer/route.json" API endpoint until a patch is applied.