oro/customer-portal Security Advisories for 4.2.0-rc (2)
-
[MEDIUM] Storefront user can access history and most viewed data from matching back-office user with the same ID
PKSA-xms8-dtv5-ztwd CVE-2023-48296 GHSA-v7px-46v9-5qwp
Affected version: >=5.1.0,<=5.1.3|>=5.0.0,<=5.0.11|>=4.2.0,<=4.2.10|>=4.1.0,<=4.1.13
Reported by:
GitHub -
[MEDIUM] OroCommerce Customer Portal Incorrect Customer and Customer Group Frontend Menus pages visibility
PKSA-5ddy-25vh-b9qz CVE-2023-32064 GHSA-8gwj-68w6-7v6c
Affected version: >=5.1.0,<5.1.1|>=5.0.0,<5.0.11|>=4.2.0,<=4.2.8
Reported by:
GitHub