CVE-2020-15243, GHSA-8g9m-jx26-qp4h
npm/smartstore
Improper Authentication
Affected versions of Smartstore have a missing WebApi Authentication attribute. This vulnerability affects Smartstore shops which have installed and activated the Web API plugin. Users of Smartstore must merge their repository with or overwrite the file SmartStore.Web.Framework
in the /bin
directory of the deployed shop with this file. As a workaround without updating uninstall the Web API plugin to close this vulnerability.
All versions starting from 4.0.0 up to 4.0.1
Unfortunately, there is no solution available yet.
2020-10-22
source |