Date: 
2018-September-26
Vulnerability: 
Access bypass
Description: 

The Commerce Klarna Checkout module enables you to accept payments from the Klarna Checkout payment provider

The module doesn't sufficiently validate the payment callback made by Klarna. An attacker could bypass the payment step.

Solution: 

Install the latest version:

Also see the Commerce Klarna Checkout project page.

Reported By: 
Coordinated By: