WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2020-11007 Vulnerability in maven package com.shopizer:sm-core-model

Description

In Shopizer before version 2.11.0, using API or Controller based versions negative quantity is not adequately validated hence creating incorrect shopping cart and order total. This vulnerability makes it possible to create a negative total in the shopping cart. This has been patched in version 2.11.0.

Remediation

References

https://github.com/shopizer-ecommerce/shopizer/commit/929ca0839a80c6f4dad087e0259089908787ad2a

https://github.com/shopizer-ecommerce/shopizer/security/advisories/GHSA-w8rc-pgxq-x2cj

Related Vulnerabilities

CVE-2022-23623 Vulnerability in npm package frourio

CVE-2023-25576 Vulnerability in npm package @fastify/multipart

CVE-2020-26291 Vulnerability in maven package org.webjars.bower:urijs

CVE-2011-4969 Vulnerability in npm package jquery

CVE-2020-13942 Vulnerability in maven package org.apache.unomi:unomi-kar

Severity

High

Classification

CWE-20 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Tags

Patch Third Party Advisory