Security Notice & Bug Bounty - Improper Access Control - huntr.dev

# Overview
[cezerin](https://cezerin.com/) is a React and Node.js based eCommerce platform.

Affected versions of this package are vulnerable to Improper Access Control. Certain internal attributes (e.g., paid and tax) within `getValidDocumentForUpdate` in `src/api/server/services/orders/orders.js` function can be overwritten via a conflicting name from user-input. As such, it is possible for a malicious customer to manipulate certain order status (i.e., payment status, tax) by adding additional attributes to user-input during checkout.

# Bug Bounty

We have opened up a bounty for this issue on our bug bounty platform. Want to solve this vulnerability and get rewarded &#128176;? Go to https://huntr.dev/

We will submit a pull request directly to your repository with the fix as soon as possible. Want to learn more? Go to https://github.com/418sec/huntr &#128218;

_Automatically generated by @huntr-helper..._

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Security Notice & Bug Bounty - Improper Access Control - huntr.dev #637

Overview

Bug Bounty

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Security Notice & Bug Bounty - Improper Access Control - huntr.dev #637

Description

Overview

Bug Bounty

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions