First published: Wed May 25 2022
CVE-2022-29254 - Failed payment recorded as completed
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
composer/silverstripe/silverstripe-omnipay | >=2.0.0 <2.5.2, >=3.0.0 <3.0.2, >=3.1.0 <3.1.4, >=3.2.0 <3.2.1 | |
Silverstripe Silverstripe-omnipay | <2.5.2 | |
Silverstripe Silverstripe-omnipay | >=3.0.0 <3.0.2 | |
Silverstripe Silverstripe-omnipay | >=3.1.0 <3.1.4 | |
Silverstripe Silverstripe-omnipay | >=3.2.0 <3.2.1 | |
https://github.com/silverstripe/silverstripe-omnipay/commit/7dee9a1e0a5f54c2dc06e018cff3d9a19044e01b
CVE-2022-29254 is a vulnerability in the silverstripe-omnipay package that allows payments to be prematurely marked as completed.
CVE-2022-29254 has a severity value of 6.5, which is considered medium.
CVE-2022-29254 affects the silverstripe-omnipay package in versions from 2.0.0 up to but not including 2.5.2, from 3.0.0 up to but not including 3.0.2, from 3.1.0 up to but not including 3.1.4, and from 3.2.0 up to but not including 3.2.1.
To fix CVE-2022-29254, update the silverstripe-omnipay package to a version outside the affected ranges listed in the table above.