CVE-2019-16403

HIGH8.8EPSS 0.29%

Authorization Bypass Through User-Controlled Key in Bagisto

發布日:2019/11/8修改日:2025/11/4

也稱為:GHSA-pwrf-q7h8-jjr7ALPINE-CVE-2019-16403

描述

In Webkul Bagisto before 0.1.5, the functionalities for customers to change their own values (such as address, review, orders, etc.) can also be manipulated by other customers.

受影響套件(2)

Alpine/elfutilsfrom 0, < 0.174-r0
Packagist/bagisto/bagistofrom 0, < 0.1.5

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

參考連結(3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-16403
ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2019-16403
WEBhttps://github.com/bagisto/bagisto/issues/749