CVE-2024-26129

PrestaShop is an open-source e-commerce platform. Starting in version 8.1.0 and prior to version 8.1.4, PrestaShop is vulnerable to path disclosure in a JavaScript variable. A patch is available in version 8.1.4.
Configurations

Configuration 1 (hide)

cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*

History

17 Jan 2025, 15:44

Type Values Removed Values Added
CPE cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*
First Time Prestashop
Prestashop prestashop
References () https://github.com/PrestaShop/PrestaShop/commit/444bd0dea581659918fe2067541b9863cf099dd5 - () https://github.com/PrestaShop/PrestaShop/commit/444bd0dea581659918fe2067541b9863cf099dd5 - Patch
References () https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-3366-9287-7qpr - () https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-3366-9287-7qpr - Vendor Advisory
References () https://owasp.org/www-community/attacks/Full_Path_Disclosure - () https://owasp.org/www-community/attacks/Full_Path_Disclosure - Not Applicable

Information

Published : 2024-02-19 22:15

Updated : 2025-01-17 15:44


NVD link : CVE-2024-26129

Mitre link : CVE-2024-26129

CVE.ORG link : CVE-2024-26129


JSON object : View

Products Affected

prestashop

  • prestashop
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')