You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
To address this vulnerability, we recommend that developers implement access control policies to limit API access to privileged users and cart owners only.
The text was updated successfully, but these errors were encountered:
Recently, our team found an arbitrary cart deletion vulnerability in the latest version of the project.
The vulnerability logic is present in the file: https://github.com/GoogleLLP/SuperMarket/blob/master/cart/src/main/java/com/supermarket/cart/controller/CartController.java#L96. Access to the
/manage/delete
API is unauthorized, allowing attackers to delete arbitrary cart via a craftedcart
object.To address this vulnerability, we recommend that developers implement access control policies to limit API access to privileged users and cart owners only.
The text was updated successfully, but these errors were encountered: