Vulnerabilities > Mirumee
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-06-30 | CVE-2020-15085 | Unspecified vulnerability in Mirumee Saleor In Saleor Storefront before version 2.10.3, request data used to authenticate customers was inadvertently cached in the browser's local storage mechanism, including credentials. | 6.1 |
2020-01-24 | CVE-2020-7964 | Missing Authentication for Critical Function vulnerability in Mirumee Saleor An issue was discovered in Mirumee Saleor 2.x before 2.9.1. | 5.3 |
2019-07-15 | CVE-2019-1010304 | Missing Authorization vulnerability in Mirumee Saleor Saleor Issue was introduced by merge commit: e1b01bad0703afd08d297ed3f1f472248312cc9c. | 5.3 |
2019-07-14 | CVE-2019-13594 | Cross-Site Request Forgery (CSRF) vulnerability in Mirumee Saleor 2.7.0 In Mirumee Saleor 2.7.0 (fixed in 2.8.0), CSRF protection middleware was accidentally disabled, which allowed attackers to send a POST request without a valid CSRF token and be accepted by the server. | 8.8 |