cvelist/2020/11xxx/CVE-2020-11007.json

{
    "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2020-11007",
        "STATE": "PUBLIC",
        "TITLE": "Negative charge in shopping cart possible in Shopizer"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "shopizer",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "< 2.11.0"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "shopizer-ecommerce"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "In Shopizer before version 2.11.0, using API or Controller based versions negative quantity is not adequately validated hence creating incorrect shopping cart and order total. This vulnerability makes it possible to create a negative total in the shopping cart. This has been patched in version 2.11.0."
            }
        ]
    },
    "impact": {
        "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-20: Improper Input Validation"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "name": "https://github.com/shopizer-ecommerce/shopizer/security/advisories/GHSA-w8rc-pgxq-x2cj",
                "refsource": "CONFIRM",
                "url": "https://github.com/shopizer-ecommerce/shopizer/security/advisories/GHSA-w8rc-pgxq-x2cj"
            },
            {
                "name": "https://github.com/shopizer-ecommerce/shopizer/commit/929ca0839a80c6f4dad087e0259089908787ad2a",
                "refsource": "MISC",
                "url": "https://github.com/shopizer-ecommerce/shopizer/commit/929ca0839a80c6f4dad087e0259089908787ad2a"
            }
        ]
    },
    "source": {
        "advisory": "GHSA-w8rc-pgxq-x2cj",
        "discovery": "UNKNOWN"
    }
}
"-Synchronized-Data." 2020-03-30 19:01:15 +00:00			`{`
			`"CVE_data_meta": {`
add CVE-2020-11007 for GHSA-w8rc-pgxq-x2cj 2020-04-16 12:18:12 -06:00			`"ASSIGNER": "security-advisories@github.com",`
"-Synchronized-Data." 2020-03-30 19:01:15 +00:00			`"ID": "CVE-2020-11007",`
add CVE-2020-11007 for GHSA-w8rc-pgxq-x2cj 2020-04-16 12:18:12 -06:00			`"STATE": "PUBLIC",`
			`"TITLE": "Negative charge in shopping cart possible in Shopizer"`
"-Synchronized-Data." 2020-03-30 19:01:15 +00:00			`},`
add CVE-2020-11007 for GHSA-w8rc-pgxq-x2cj 2020-04-16 12:18:12 -06:00			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "shopizer",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_value": "< 2.11.0"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "shopizer-ecommerce"`
			`}`
			`]`
			`}`
			`},`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
"-Synchronized-Data." 2020-03-30 19:01:15 +00:00			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2020-04-16 19:04:07 +00:00			`"value": "In Shopizer before version 2.11.0, using API or Controller based versions negative quantity is not adequately validated hence creating incorrect shopping cart and order total. This vulnerability makes it possible to create a negative total in the shopping cart. This has been patched in version 2.11.0."`
add CVE-2020-11007 for GHSA-w8rc-pgxq-x2cj 2020-04-16 12:18:12 -06:00			`}`
			`]`
			`},`
			`"impact": {`
			`"cvss": {`
			`"attackComplexity": "LOW",`
			`"attackVector": "NETWORK",`
			`"availabilityImpact": "NONE",`
			`"baseScore": 6.5,`
			`"baseSeverity": "MEDIUM",`
			`"confidentialityImpact": "NONE",`
			`"integrityImpact": "HIGH",`
			`"privilegesRequired": "LOW",`
			`"scope": "UNCHANGED",`
			`"userInteraction": "NONE",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",`
			`"version": "3.1"`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-20: Improper Input Validation"`
			`}`
			`]`
"-Synchronized-Data." 2020-03-30 19:01:15 +00:00			`}`
			`]`
add CVE-2020-11007 for GHSA-w8rc-pgxq-x2cj 2020-04-16 12:18:12 -06:00			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"name": "https://github.com/shopizer-ecommerce/shopizer/security/advisories/GHSA-w8rc-pgxq-x2cj",`
			`"refsource": "CONFIRM",`
			`"url": "https://github.com/shopizer-ecommerce/shopizer/security/advisories/GHSA-w8rc-pgxq-x2cj"`
			`},`
			`{`
			`"name": "https://github.com/shopizer-ecommerce/shopizer/commit/929ca0839a80c6f4dad087e0259089908787ad2a",`
			`"refsource": "MISC",`
			`"url": "https://github.com/shopizer-ecommerce/shopizer/commit/929ca0839a80c6f4dad087e0259089908787ad2a"`
			`}`
			`]`
			`},`
			`"source": {`
			`"advisory": "GHSA-w8rc-pgxq-x2cj",`
			`"discovery": "UNKNOWN"`
"-Synchronized-Data." 2020-03-30 19:01:15 +00:00			`}`
			`}`