Advisory Database
  • Advisories
  • Dependency Scanning
  1. npm
  2. ›
  3. @evershop/evershop
  4. ›
  5. CVE-2023-46942

CVE-2023-46942: EverShop vulnerable to improper authorization in GraphQL endpoints

January 13, 2024 (updated January 16, 2024)

Lack of authentication in NPM’s package @evershop/evershop before version 1.0.0-rc.8, allows remote attackers to obtain sensitive information via improper authorization in GraphQL endpoints.

References

  • devhub.checkmarx.com/cve-details/CVE-2023-46942/
  • github.com/advisories/GHSA-ggpm-9qfx-mhwg
  • github.com/evershopcommerce/evershop/commit/6e16f046e0b95efa16431a5ea41c22215273e9dd
  • nvd.nist.gov/vuln/detail/CVE-2023-46942

Code Behaviors & Features

Detect and mitigate CVE-2023-46942 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →

Affected versions

All versions before 1.0.0-rc.9

Fixed versions

  • 1.0.0-rc.9

Solution

Upgrade to version 1.0.0-rc.9 or above. *Note*: 1.0.0-rc.9 may be an unstable version. Use caution.

Source file

npm/@evershop/evershop/CVE-2023-46942.yml

Spotted a mistake? Edit the file on GitLab.

  • Site Repo
  • About GitLab
  • Terms
  • Privacy Statement
  • Contact

Page generated Wed, 14 May 2025 12:15:58 +0000.