LTI Consumer XBlock implements the consumer side of the LTI specification enabling integration of third-party LTI provider tools. Versions 7.0.0 and above, prior to 7.2.2, are vulnerable to Missing Authorization.

OpenZeppelin Contracts for Cairo is a library for secure smart contract development written in Cairo for StarkNet, a decentralized ZK Rollup. `is_valid_eth_signature` is missing a call to `finalize_keccak` after calling `verify_eth_signature`. As a result, any contract using `is_valid_eth_signature` from the account library (such as the `EthAccount` preset) is vulnerable to a malicious sequencer. Specifically, the malicious sequencer would be able to bypass signature validation to impersonate an instance of these accounts.

SwagPayPal is a PayPal integration for shopware/platform. If JavaScript-based PayPal checkout methods are used (PayPal Plus, Smart Payment Buttons, SEPA, Pay Later, Venmo, Credit card), the amount and item list sent to PayPal may not be identical to the one in the created order. The problem has been fixed with version 5.4.4. As a workaround, disable the aforementioned payment methods or use the Security Plugin in version >= 1.0.21.