CVE-2020-11007: Improper Input Validation

April 16, 2020 (updated April 29, 2020)

In Shopizer, using API or Controller based versions negative quantity is not adequately validated hence creating incorrect shopping cart and order total. This vulnerability makes it possible to create a negative total in the shopping cart.

References

nvd.nist.gov/vuln/detail/CVE-2020-11007

Detect and mitigate CVE-2020-11007 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →