php · shopper/frameworkCritical
shopper/framework: Three security defects in admin Livewire components
Three security defects in admin Livewire components: IDOR via unlocked properties, sensitive data disclosure through Hidden password field, and stored XSS on pr
What changed
Three security defects in admin Livewire components: IDOR via unlocked properties, sensitive data disclosure through Hidden password field, and stored XSS on product barcode.
Who it affects
All installations of shopper/framework prior to v2.8.0.
What to do today
Upgrade to v2.8.0 using composer require shopper/admin:^2.8.
The trail
Collected→
Audited→
Written→
Published