Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS0zMzY2LTkyODctN3Fwcs4AA5Zv
Path disclosure in JavaScript variable
Impact
Path disclosure in JavaScript variable
Patches
Patch in PrestaShop 8.1.4
References
https://owasp.org/www-community/attacks/Full_Path_Disclosure
Thanks to https://github.com/hugo-fasone
Permalink: https://github.com/advisories/GHSA-3366-9287-7qprJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zMzY2LTkyODctN3Fwcs4AA5Zv
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 9 months ago
Updated: 9 months ago
CVSS Score: 5.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Identifiers: GHSA-3366-9287-7qpr, CVE-2024-26129
References:
- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-3366-9287-7qpr
- https://nvd.nist.gov/vuln/detail/CVE-2024-26129
- https://github.com/PrestaShop/PrestaShop/commit/444bd0dea581659918fe2067541b9863cf099dd5
- https://owasp.org/www-community/attacks/Full_Path_Disclosure
- https://github.com/advisories/GHSA-3366-9287-7qpr
Blast Radius: 1.7
Affected Packages
packagist:prestashop/prestashop
Dependent packages: 0Dependent repositories: 2
Downloads: 6,159 total
Affected Version Ranges: >= 8.1.0, < 8.1.4
Fixed in: 8.1.4
All affected versions: 8.1.0, 8.1.1, 8.1.2, 8.1.3
All unaffected versions: 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.2.0