PT-2024-22689 · Unknown · Saleor Storefront

Jyrno42 · Published 2024-03-20 · Updated 2025-12-03 · CVE-2024-29036

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Saleor Storefront versions prior to commit 579241e75a5eb332ccf26e0bcdd54befa33f4783

Description

The issue affects Saleor Storefront, software for building e-commerce experiences. When any user authenticates in the storefront, anonymous users are able to access that user's data. The session is leaked through the cache and can be accessed by anyone.

Recommendations

To resolve the issue, upgrade to a version that incorporates commit 579241e75a5eb332ccf26e0bcdd54befa33f4783 or later, which contains the patch. As a temporary workaround, consider disabling authentication by changing the usage of createSaleorAuthClient().

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2024-29036
GHSA-52CQ-C7X7-CQW4

Affected Products

Saleor Storefront