CVE-2020-15243

Improper Authentication in npm/smartstore

Identifiers

CVE-2020-15243, GHSA-8g9m-jx26-qp4h

Package Slug

npm/smartstore

Vulnerability

Improper Authentication

Description

Affected versions of Smartstore have a missing WebApi Authentication attribute. This vulnerability affects Smartstore shops which have installed and activated the Web API plugin. Users of Smartstore must merge their repository with or overwrite the file SmartStore.Web.Framework in the /bin directory of the deployed shop with this file. As a workaround without updating uninstall the Web API plugin to close this vulnerability.

Affected Versions

All versions starting from 4.0.0 up to 4.0.1

Solution

Unfortunately, there is no solution available yet.

Last Modified

2020-10-22

source