Vulnerabilities > Mirumee > Saleor > 2.7.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-06-30 | CVE-2020-15085 | Cleartext Storage of Sensitive Information vulnerability in Mirumee Saleor In Saleor Storefront before version 2.10.3, request data used to authenticate customers was inadvertently cached in the browser's local storage mechanism, including credentials. | 2.1 |
2020-01-24 | CVE-2020-7964 | Information Exposure vulnerability in Mirumee Saleor An issue was discovered in Mirumee Saleor 2.x before 2.9.1. | 5.0 |
2019-07-14 | CVE-2019-13594 | Cross-Site Request Forgery (CSRF) vulnerability in Mirumee Saleor 2.7.0 In Mirumee Saleor 2.7.0 (fixed in 2.8.0), CSRF protection middleware was accidentally disabled, which allowed attackers to send a POST request without a valid CSRF token and be accepted by the server. | 6.8 |