CVE-2019-13594

Published July 14th, 2019

View on NVD ↗

CVSS v3

N/A

CVSS v2

6.8

MEDIUM

Affected

PROJECT

Description

In Mirumee Saleor 2.7.0 (fixed in 2.8.0), CSRF protection middleware was accidentally disabled, which allowed attackers to send a POST request without a valid CSRF token and be accepted by the server.

saleor/saleor

Saleor Core: the high performance, composable, headless commerce API.

GitHub

23K