CVE-2020-11007: Improper Input Validation

April 22, 2020 (updated January 8, 2021)

In Shopizer before version 2.11.0, using API or Controller based versions negative quantity is not adequately validated hence creating incorrect shopping cart and order total. This vulnerability makes it possible to create a negative total in the shopping cart. This has been patched in version 2.11.0.

References

github.com/advisories/GHSA-w8rc-pgxq-x2cj
github.com/shopizer-ecommerce/shopizer/commit/929ca0839a80c6f4dad087e0259089908787ad2a
github.com/shopizer-ecommerce/shopizer/security/advisories/GHSA-w8rc-pgxq-x2cj
nvd.nist.gov/vuln/detail/CVE-2020-11007

Code Behaviors & Features

Detect and mitigate CVE-2020-11007 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →