View online: https://www.drupal.org/sa-contrib-2018-057
Project: Drupal Commerce [1] Version: 8.x-2.x-dev Date: 2018-August-29 Security risk: *Moderately critical* 14∕25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:Uncommon [2] Vulnerability: Access bypass
Description: This module enables you to build eCommerce websites and applications with Drupal.
The module doesn't sufficiently check access for some of its entity types.
Solution: Update to Commerce 8.x-2.9. [3]
Reported By: * Samuel Mortenson [4] of the Drupal Security Team
Fixed By: * Samuel Mortenson [5] of the Drupal Security Team * Matt Glaman [6] * Bojan Živanović [7] * Wim Leers [8]
Coordinated By: * Samuel Mortenson [9] of the Drupal Security Team
[1] https://www.drupal.org/project/commerce [2] https://www.drupal.org/security-team/risk-levels [3] https://www.drupal.org/project/commerce/releases/8.x-2.9 [4] https://www.drupal.org/user/2582268 [5] https://www.drupal.org/user/2582268 [6] https://www.drupal.org/user/2416470 [7] https://www.drupal.org/user/86106 [8] https://www.drupal.org/user/99777 [9] https://www.drupal.org/user/2582268