Vendure-ecommerce Vendure
2 CVEs affecting Vendure-ecommerce Vendure. Latest disclosed: 2024-10-15. Critical: 1, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-48914 | Critical | 9.1 | 2024-10-15 | Vendure is an open-source headless commerce platform. Prior to versions 3.0.5 and 2.3.3, a vulnerability in Vendure's asset server plugin allows an attacker to… |
CVE-2022-23065 | Medium | 5.4 | 2022-05-02 | In Vendure versions 0.1.0-alpha.2 to 1.5.1 are affected by Stored XSS vulnerability, where an attacker having catalog permission can upload a SVG file that con… |