CVE-2023-46942: EverShop vulnerable to improper authorization in GraphQL endpoints

January 13, 2024 (updated January 16, 2024)

Lack of authentication in NPM’s package @evershop/evershop before version 1.0.0-rc.8, allows remote attackers to obtain sensitive information via improper authorization in GraphQL endpoints.

References

devhub.checkmarx.com/cve-details/CVE-2023-46942/
github.com/advisories/GHSA-ggpm-9qfx-mhwg
github.com/evershopcommerce/evershop/commit/6e16f046e0b95efa16431a5ea41c22215273e9dd
nvd.nist.gov/vuln/detail/CVE-2023-46942

Detect and mitigate CVE-2023-46942 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →