Vulnerabilities > Evershop > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-13 | CVE-2023-46942 | Improper Authentication vulnerability in Evershop 1.0.0 Lack of authentication in NPM's package @evershop/evershop before version 1.0.0-rc.8, allows remote attackers to obtain sensitive information via improper authorization in GraphQL endpoints. | 7.5 |
| 2023-12-08 | CVE-2023-46496 | Path Traversal vulnerability in Evershop 1.0.0 Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the DELETE function in api/files endpoint. | 8.3 |