Nixpkgs Security Tracker

Login with GitHub

Suggestions search

All statuses

Filter by:

With package: python313Packages.types-aiobotocore-marketplacecommerceanalytics

Found 1 matching suggestions

View:

Compact

Detailed

Untriaged

Permalink CVE-2026-31867

created 1 week, 2 days ago

Craft Commerce has a Potential IDOR in Commerce carts

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 4.11.0 and 5.6.0, An Insecure Direct Object Reference (IDOR) vulnerability exists in Craft Commerce’s cart functionality that allows users to hijack any shopping cart by knowing or guessing its 32-character number. The CartController accepts a user-supplied number parameter to load and modify shopping carts. No ownership validation is performed - the code only checks if the order exists and is incomplete, not whether the requester has authorization to access it. This vulnerability enables the takeover of shopping sessions and potential exposure of PII. This vulnerability is fixed in 4.11.0 and 5.6.0.

References

https://github.com/craftcms/commerce/security/advisories/GHSA-vff3-pqq8-4cpq x_refsource_CONFIRM
https://github.com/craftcms/commerce/pull/4207 x_refsource_MISC

Affected products

commerce

==>= 5.0.0, < 5.6.0
==>= 4.0.0, < 4.11.0

Matching in nixpkgs

pkgs.python312Packages.azure-mgmt-commerce

This is the Microsoft Azure Commerce Management Client Library

nixos-25.11 6.0.0
- nixos-25.11-small 6.0.0
- nixpkgs-25.11-darwin 6.0.0

pkgs.python313Packages.azure-mgmt-commerce

This is the Microsoft Azure Commerce Management Client Library

nixos-unstable 6.0.0
- nixpkgs-unstable 6.0.0
- nixos-unstable-small 6.0.0
nixos-25.11 6.0.0
- nixos-25.11-small 6.0.0
- nixpkgs-25.11-darwin 6.0.0

pkgs.python314Packages.azure-mgmt-commerce

This is the Microsoft Azure Commerce Management Client Library

nixos-unstable 6.0.0
- nixpkgs-unstable 6.0.0
- nixos-unstable-small 6.0.0

pkgs.python312Packages.mypy-boto3-marketplacecommerceanalytics

Type annotations for boto3 marketplacecommerceanalytics

nixos-25.11 boto3-marketplacecommerceanalytics-1.41.0
- nixos-25.11-small boto3-marketplacecommerceanalytics-1.41.0
- nixpkgs-25.11-darwin boto3-marketplacecommerceanalytics-1.41.0

pkgs.python313Packages.mypy-boto3-marketplacecommerceanalytics

Type annotations for boto3 marketplacecommerceanalytics

nixos-unstable boto3-marketplacecommerceanalytics-1.42.3
- nixpkgs-unstable boto3-marketplacecommerceanalytics-1.42.3
- nixos-unstable-small boto3-marketplacecommerceanalytics-1.42.3
nixos-25.11 boto3-marketplacecommerceanalytics-1.41.0
- nixos-25.11-small boto3-marketplacecommerceanalytics-1.41.0
- nixpkgs-25.11-darwin boto3-marketplacecommerceanalytics-1.41.0

pkgs.python314Packages.mypy-boto3-marketplacecommerceanalytics

Type annotations for boto3 marketplacecommerceanalytics

nixos-unstable boto3-marketplacecommerceanalytics-1.42.3
- nixpkgs-unstable boto3-marketplacecommerceanalytics-1.42.3
- nixos-unstable-small boto3-marketplacecommerceanalytics-1.42.3

pkgs.python312Packages.types-aiobotocore-marketplacecommerceanalytics

Type annotations for aiobotocore marketplacecommerceanalytics

nixos-25.11 2.25.2
- nixos-25.11-small 2.25.2
- nixpkgs-25.11-darwin 2.25.2

pkgs.python313Packages.types-aiobotocore-marketplacecommerceanalytics

Type annotations for aiobotocore marketplacecommerceanalytics

nixos-unstable 3.1.1
- nixpkgs-unstable 3.1.1
- nixos-unstable-small 3.2.1
nixos-25.11 2.25.2
- nixos-25.11-small 2.25.2
- nixpkgs-25.11-darwin 2.25.2

Package maintainers

@mwilsoncoding Max Wilson <nixpkgs@maxwilson.dev>
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
@mbalatsko Maksym Balatsko <mbalatsko@gmail.com>

1