You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
To address this vulnerability, we recommend that developers implement access control policies to ensure that users can only add items to their own cart.
The text was updated successfully, but these errors were encountered:
Recently, our team found an arbitrary cart addition vulnerability in the latest version of the project.
The vulnerability logic is present in the file: https://github.com/GoogleLLP/SuperMarket/blob/master/cart/src/main/java/com/supermarket/cart/controller/CartController.java#L50. Access to the
/manage/save
API is unauthorized, allowing attackers to add carts for any user via a craftedcart
object.To address this vulnerability, we recommend that developers implement access control policies to ensure that users can only add items to their own cart.
The text was updated successfully, but these errors were encountered: