Every CVE whose affected-product data names Mirumee Saleor, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2019-13594 — CVSS 8.8 (high): In Mirumee Saleor 2.7.0 (fixed in 2.8.0), CSRF protection middleware was accidentally disabled, which allowed attackers to send a POST…
CVE-2020-15085 — CVSS 6.9 (medium): In Saleor Storefront before version 2.10.3, request data used to authenticate customers was inadvertently cached in the browser's local…
CVE-2019-1010304 — CVSS 5.3 (medium): Saleor Issue was introduced by merge commit: e1b01bad0703afd08d297ed3f1f472248312cc9c. This commit was released as part of 2.0.0 release is…
CVE-2020-7964 — CVSS 5.3 (medium): An issue was discovered in Mirumee Saleor 2.x before 2.9.1. Incorrect access control in the checkoutCustomerAttach mutations allows…