CVE-2023-46942

Name of the Vulnerable Software and Affected Versions @evershop/evershop versions prior to 1.0.0-rc.8

Description The issue is related to a lack of authentication in the @evershop/evershop package, which allows remote attackers to obtain sensitive information via improper authorization in GraphQL endpoints.

Recommendations For versions prior to 1.0.0-rc.8, update to version 1.0.0-rc.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the GraphQL endpoints until a patch is applied.