CVE-2023-32694

CVE-2023-32694

Saleor Core is a composable, headless commerce API. Saleor’s `validate_hmac_signature` function is vulnerable to timing attacks. Malicious users could abuse this vulnerability on Saleor deployments having the Adyen plugin enabled in order to determine the secret key and forge fake events, this could affect the database integrity such as marking an order as paid when it is not. This issue has been patched in versions 3.7.68, 3.8.40, 3.9.49, 3.10.36, 3.11.35, 3.12.25, and 3.13.16.

Source: CVE-2023-32694

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다