CVE-2023-46942
Severity CVSS v4.0:
Pending analysis
Type:
CWE-287
Authentication Issues
Publication date:
13/01/2024
Last modified:
03/06/2025
Description
Lack of authentication in NPM's package @evershop/evershop before version 1.0.0-rc.8, allows remote attackers to obtain sensitive information via improper authorization in GraphQL endpoints.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:evershop:evershop:1.0.0:beta:*:*:*:node.js:*:* | ||
| cpe:2.3:a:evershop:evershop:1.0.0:beta1:*:*:*:node.js:*:* | ||
| cpe:2.3:a:evershop:evershop:1.0.0:beta2:*:*:*:node.js:*:* | ||
| cpe:2.3:a:evershop:evershop:1.0.0:beta3:*:*:*:node.js:*:* | ||
| cpe:2.3:a:evershop:evershop:1.0.0:beta4:*:*:*:node.js:*:* | ||
| cpe:2.3:a:evershop:evershop:1.0.0:beta5:*:*:*:node.js:*:* | ||
| cpe:2.3:a:evershop:evershop:1.0.0:rc1:*:*:*:node.js:*:* | ||
| cpe:2.3:a:evershop:evershop:1.0.0:rc2:*:*:*:node.js:*:* | ||
| cpe:2.3:a:evershop:evershop:1.0.0:rc3:*:*:*:node.js:*:* | ||
| cpe:2.3:a:evershop:evershop:1.0.0:rc5:*:*:*:node.js:*:* | ||
| cpe:2.3:a:evershop:evershop:1.0.0:rc6:*:*:*:node.js:*:* | ||
| cpe:2.3:a:evershop:evershop:1.0.0:rc7:*:*:*:node.js:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://advisory.checkmarx.net/advisory/CVE-2023-46942
- https://devhub.checkmarx.com/cve-details/CVE-2023-46942/
- https://devhub.checkmarx.com/cve-details/Cx00cea2d5-d2c5/
- https://advisory.checkmarx.net/advisory/CVE-2023-46942
- https://devhub.checkmarx.com/cve-details/CVE-2023-46942/
- https://devhub.checkmarx.com/cve-details/Cx00cea2d5-d2c5/