shuup
PyPI
2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting shuup
- CVE-2021-25962, HIGH, CVSS 8.0, EG 8.0, ✓ Fixed in 2.11.0, 2021-09-29
vulnerable: 1.10.0 ... 2.9.2 (134 versions)
“Shuup” application in versions 0.4.2 to 2.10.8 is affected by the “Formula Injection” vulnerability. A customer can inject payloads in the name input field in the billing address while buying a product. When a store administrator …
- CVE-2021-25963, MEDIUM, CVSS 6.1, EG 6.1, ✓ Fixed in 2.11.0, 2021-09-30
vulnerable: 1.10.0 ... 2.9.2 (134 versions)
In Shuup, versions 1.6.0 through 2.10.8 are vulnerable to reflected Cross-Site Scripting (XSS) that allows execution of arbitrary JavaScript code on a victim browser. This vulnerability exists due to the error page contents not being escaped.