GHSA-pmc7-hmmw-g96q

Source
https://github.com/advisories/GHSA-pmc7-hmmw-g96q
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-pmc7-hmmw-g96q/GHSA-pmc7-hmmw-g96q.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-pmc7-hmmw-g96q
Aliases
  • CVE-2023-36238
Published
2024-03-13T21:31:02Z
Modified
2024-12-04T22:47:41.466121Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Bagisto vulnerable to Insecure Direct Object Reference (IDOR)
Details

Insecure Direct Object Reference (IDOR) in Bagisto v.1.5.0 allows an attacker to obtain sensitive information via the invoice ID parameter.

Database specific
{
    "nvd_published_at": "2024-03-13T21:15:53Z",
    "cwe_ids": [
        "CWE-639"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-03-15T21:03:01Z"
}
References

Affected packages

Packagist / bagisto/bagisto

Package

Name
bagisto/bagisto
Purl
pkg:composer/bagisto/bagisto

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
1.3.2

Affected versions

v0.*

v0.1.0
v0.1.1
v0.1.2
v0.1.3
v0.1.4-BETA1
v0.1.4-BETA2
v0.1.4-BETA3
v0.1.4-BETA4
v0.1.4
v0.1.5
v0.1.6-ALPHA1
v0.1.6
v0.1.7-BETA1
v0.1.7-BETA2
v0.1.7
v0.1.8
v0.1.9-BETA1
v0.1.9
v0.2.0
v0.2.1
v0.2.2

v1.*

v1.0.0-BETA1
v1.0.0
v1.1.0
v1.1.1
v1.1.2
v1.2.0-BETA1
v1.2.0
v1.3.0
v1.3.1