Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Project:
Date:
2018-August-29
Vulnerability:
Access bypass
Affected versions:
<2.9.0
Description:
This module enables you to build eCommerce websites and applications with Drupal.
The module doesn't sufficiently check access for some of its entity types.
Solution:
Update to Commerce 8.x-2.9.
Reported By:
- Samuel Mortenson of the Drupal Security Team
Fixed By:
- Samuel Mortenson of the Drupal Security Team
- Matt Glaman
- Bojan Živanović
- Wim Leers
Coordinated By:
- Samuel Mortenson of the Drupal Security Team
