Homepage

shuup@1.8.2 vulnerabilities

E-Commerce Platform

  • latest version

    3.1.0

  • latest non vulnerable version

    3.1.0

  • first published

    6 years ago

  • latest version published

    3 years ago

  • licenses detected

  • View shuup package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the shuup package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    CSV Injection

    Affected versions of this package are vulnerable to CSV Injection. A customer can inject payloads in the name input field in the billing address while buying a product. When a store administrator accesses the reports page to export the data as an Excel file and opens it, the payload gets executed.

    How to fix CSV Injection?

    Upgrade shuup to version 2.11.0 or higher.

    [,2.11.0)
    • M
    Cross-site Scripting (XSS)

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS). This is due to views returning unescaped content.

    How to fix Cross-site Scripting (XSS)?

    Upgrade shuup to version 2.11.0 or higher.

    [1.6.0,2.11.0)
    Go back to all versions of this package