CVE-2023-32065

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-32065

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-32065.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-32065

Aliases

GHSA-88g2-xgh9-4ph2

Published

2023-11-28T03:36:57Z

Modified

2025-10-20T20:18:44.584147Z

Severity

5.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS Calculator

Summary

OroCommerce get-totals-for-checkout API endpoint returns unwanted data

Details

OroCommerce is an open-source Business to Business Commerce application built with flexibility in mind. Detailed Order totals information may be received by Order ID. This issue is patched in version 5.0.11 and 5.1.1.

Database specific

{
    "cwe_ids": [
        "CWE-284"
    ]
}

References

https://github.com/oroinc/orocommerce/security/advisories/GHSA-88g2-xgh9-4ph2

Affected packages

Git / github.com/oroinc/orocommerce

Affected ranges

Type: GIT
Repo: https://github.com/oroinc/orocommerce
Events: Introduced

4f84e69298456fa41df5331bdfe5af79e529a099

Last affected

12159ca7eaa63d6f79e12f164c4388be70f7b0b0

Type: GIT
Repo: https://github.com/oroinc/orocommerce
Events: Introduced

c2cd64739319fe0c592a64a94c727ed3a091b999

Fixed

4257b3c999a99ed751cc6a839a87ac994d2d7f70

Type: GIT
Repo: https://github.com/oroinc/orocommerce
Events: Introduced

5819184990cb46a634a3bd78e05a61fe63deef49

Fixed

3635983552d818bcdb99a427fb00429eee73c3e9

Affected versions

4.*

4.2.0

4.2.1

4.2.10

4.2.2

4.2.3

4.2.4

4.2.5

4.2.6

4.2.7

4.2.8

4.2.9

5.*

5.0.0

5.0.1

5.0.10

5.0.2

5.0.3

5.0.4

5.0.5

5.0.6

5.0.7

5.0.8

5.0.9

5.1.0