Commerce Core - Moderately critical - Access bypass, Information Disclosure - SA-CONTRIB-2021-032

Project: Commerce Core
Date: 2021-September-22
Security risk: Moderately critical 14∕25
Vulnerability: Access bypass, Information Disclosure

Description

This module provides a system for building an ecommerce solution on a Drupal site.

The module doesn't sufficiently verify access to profile data in certain circumstances.

This vulnerability is mitigated by the fact that an attacker must have permission to perform the checkout operation.

Solution

Install the latest version:

If you use the Commerce module for Drupal 8.x, upgrade to Commerce 8.x-2.27
