Marcin Gębala

3 exploits, active since Jan 2020
CVE-2020-7964 WRITEUP MEDIUM
Mirumee Saleor <2.9.1 - Info Disclosure
An issue was discovered in Mirumee Saleor 2.x before 2.9.1. Incorrect access control in the checkoutCustomerAttach mutations allows attackers to attach their checkouts to any user ID and consequently leak user data (e.g., name, address, and previous orders of any other customer).
CVSS 5.3
CVE-2022-0932 WRITEUP MEDIUM
Saleor < 3.1.2 - Missing Authorization
Missing Authorization in GitHub repository saleor/saleor prior to 3.1.2.
CVSS 6.5
CVE-2023-26051 WRITEUP MEDIUM
Saleor - Info Disclosure
Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and are therefore returned by the API as error messages. Some of these messages might contain sensitive information, such as a user's email address, in staff-authenticated requests.
CVSS 6.5