The Commerce Klarna Checkout module enables you to accept payments from the Klarna Checkout payment provider
The module doesn't sufficiently validate the payment callback made by Klarna. An attacker could bypass the payment step.
Install the latest version:
- If you use the Commerce Klarna Checkout module for Drupal 7.x, upgrade to Commerce Klarna Checkout 7.x-1.5
Also see the Commerce Klarna Checkout project page.
- Greg Knaddison of the Drupal Security Team