Common Weakness Enumeration

CWE-841

Allowed

Improper Enforcement of Behavioral Workflow

Abstraction: Class · Status: Incomplete

The product supports a session in which more than one behavior must be performed by an actor, but it does not properly ensure that the actor performs the behaviors in the required sequence.

87 vulnerabilities reference this CWE, most recent first.

GHSA-2J82-37XG-F9WP

Vulnerability from github – Published: 2026-06-08 15:33 – Updated: 2026-06-08 15:33
VLAI
Details

Unexpected Status Code or Return Value vulnerability in ninenines gun (gun_http module) allows a malicious HTTP server to force the client into raw protocol mode via an unsolicited 101 Switching Protocols response.

In gun_http:handle_inform/8, when a 101 Switching Protocols response is received over HTTP/1.1, the function verifies only that the Upgrade header is syntactically valid and that the stream reference is a plain reference(). It does not check whether the client ever sent an Upgrade or Connection: upgrade header on the corresponding request. Because this check is absent, any 101 response (solicited or not) causes gun to dispatch a gun_upgrade message to the caller and transition the entire connection to raw protocol mode.

A malicious or compromised HTTP server can send an unsolicited 101 response to any HTTP/1.1 request, causing the gun client to abandon HTTP framing for that connection. Once in raw mode, gun_raw applies no flow control (flow=infinity) and re-arms socket active mode after every received packet, so the server can flood the client with arbitrary bytes. These are forwarded as unbounded gun_data messages to the owner process, exhausting its mailbox and BEAM memory, ultimately crashing the VM.

This issue affects gun: from 2.0.0 before 2.4.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-43974"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-841"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-08T15:16:46Z",
    "severity": "HIGH"
  },
  "details": "Unexpected Status Code or Return Value vulnerability in ninenines gun (gun_http module) allows a malicious HTTP server to force the client into raw protocol mode via an unsolicited 101 Switching Protocols response.\n\nIn gun_http:handle_inform/8, when a 101 Switching Protocols response is received over HTTP/1.1, the function verifies only that the Upgrade header is syntactically valid and that the stream reference is a plain reference(). It does not check whether the client ever sent an Upgrade or Connection: upgrade header on the corresponding request. Because this check is absent, any 101 response (solicited or not) causes gun to dispatch a gun_upgrade message to the caller and transition the entire connection to raw protocol mode.\n\nA malicious or compromised HTTP server can send an unsolicited 101 response to any HTTP/1.1 request, causing the gun client to abandon HTTP framing for that connection. Once in raw mode, gun_raw applies no flow control (flow=infinity) and re-arms socket active mode after every received packet, so the server can flood the client with arbitrary bytes. These are forwarded as unbounded gun_data messages to the owner process, exhausting its mailbox and BEAM memory, ultimately crashing the VM.\n\nThis issue affects gun: from 2.0.0 before 2.4.0.",
  "id": "GHSA-2j82-37xg-f9wp",
  "modified": "2026-06-08T15:33:00Z",
  "published": "2026-06-08T15:33:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43974"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ninenines/gun/commit/5b48068c29ce5e112cb149b5857c7d4dc319a81b"
    },
    {
      "type": "WEB",
      "url": "https://cna.erlef.org/cves/CVE-2026-43974.html"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/EEF-CVE-2026-43974"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-3J3R-8QHC-763H

Vulnerability from github – Published: 2024-10-09 18:31 – Updated: 2024-10-12 00:30
VLAI
Details

A loop hole in the payment logic of Sparkshop v1.16 allows attackers to arbitrarily modify the number of products.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-46307"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-841"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-09T17:15:19Z",
    "severity": "HIGH"
  },
  "details": "A loop hole in the payment logic of Sparkshop v1.16 allows attackers to arbitrarily modify the number of products.",
  "id": "GHSA-3j3r-8qhc-763h",
  "modified": "2024-10-12T00:30:47Z",
  "published": "2024-10-09T18:31:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46307"
    },
    {
      "type": "WEB",
      "url": "https://gitee.com/sparkshop/sparkshop"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Yllxx03/CVE/tree/main/CVE-2024-46307"
    },
    {
      "type": "WEB",
      "url": "http://sparkshop.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3WQR-83X4-348R

Vulnerability from github – Published: 2026-03-27 18:31 – Updated: 2026-03-27 21:31
VLAI
Details

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-sales.php file. The application fails to verify if the requested sales quantity (txtqty) exceeds the available stock level. An attacker can manipulate the request to purchase a quantity that is significantly higher than the actual available stock.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-30574"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-841"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-27T17:16:28Z",
    "severity": "HIGH"
  },
  "details": "A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-sales.php file. The application fails to verify if the requested sales quantity (txtqty) exceeds the available stock level. An attacker can manipulate the request to purchase a quantity that is significantly higher than the actual available stock.",
  "id": "GHSA-3wqr-83x4-348r",
  "modified": "2026-03-27T21:31:35Z",
  "published": "2026-03-27T18:31:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30574"
    },
    {
      "type": "WEB",
      "url": "https://github.com/meifukun/Web-Security-PoCs/blob/main/Pharmacy-Product-Management-System/Logic-AddSales-Overselling.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4H2C-C5G9-52GG

Vulnerability from github – Published: 2026-06-30 21:31 – Updated: 2026-06-30 21:31
VLAI
Details

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to perform unauthorized actions due to the improper enforcement of behavioral workflow.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-36333"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-841"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-30T21:16:29Z",
    "severity": "MODERATE"
  },
  "details": "IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to perform unauthorized actions due to the improper enforcement of behavioral workflow.",
  "id": "GHSA-4h2c-c5g9-52gg",
  "modified": "2026-06-30T21:31:45Z",
  "published": "2026-06-30T21:31:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36333"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7277801"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-52VV-5WF4-FGHJ

Vulnerability from github – Published: 2026-03-04 00:30 – Updated: 2026-03-04 15:30
VLAI
Details

Improper Enforcement of Behavioral Controls in Devolutions Server 2025.3.15 and earlier allows an authenticated attacker with the delete permission to delete a PAM account that is currently checked out by selecting it alongside at least one non-checked-out account and performing a bulk deletion.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-3130"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-841"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-03T22:16:29Z",
    "severity": "CRITICAL"
  },
  "details": "Improper Enforcement of Behavioral Controls in\u00a0Devolutions Server 2025.3.15 and earlier allows an authenticated attacker with the delete permission to delete a PAM account that is currently checked out by selecting it alongside at least one non-checked-out account and performing a bulk deletion.",
  "id": "GHSA-52vv-5wf4-fghj",
  "modified": "2026-03-04T15:30:34Z",
  "published": "2026-03-04T00:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3130"
    },
    {
      "type": "WEB",
      "url": "https://devolutions.net/security/advisories/DEVO-2026-0005"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5597-7RMH-97Q5

Vulnerability from github – Published: 2026-07-09 21:03 – Updated: 2026-07-09 21:03
VLAI
Summary
Sylius: Cart FormComponent allows modification or deletion of an already-completed order
Details

Impact

A user opens the cart page in the browser. In the background, the order gets completed, e.g. an admin changes the status, or the user finalizes payment in another tab. The browser still displays the old cart: the LiveComponent is unaware the underlying order state has changed.

If the user then:

  • clears the cartclearCart() calls manager->remove() on the completed order: the order is permanently deleted from the database;
  • removes a productremoveItem() mutates an item on the completed order;
  • changes quantitysaveCart() overwrites data on the completed order.

In all cases, the customer's order data is irreversibly corrupted or lost, even though the order has already been placed and paid for. The same vector can be triggered deliberately by an authenticated customer (keep the cart page open, complete checkout in another tab, then modify the "cart" to add quantity beyond what was paid for).

Patches

The issue is fixed in versions: 2.0.18, 2.1.15, 2.2.6 and above.

Workarounds

If users cannot update Sylius immediately, they should create a patched copy of the affected class in their application's src/ directory and override the Sylius service definition to use it.

Step 1. Create src/Twig/Component/Cart/FormComponent.php

<?php

declare(strict_types=1);

namespace App\Twig\Component\Cart;

use Doctrine\Persistence\ObjectManager;
use Sylius\Bundle\UiBundle\Twig\Component\ResourceFormComponentTrait;
use Sylius\Bundle\UiBundle\Twig\Component\TemplatePropTrait;
use Sylius\Component\Core\Model\OrderInterface;
use Sylius\Component\Core\OrderCheckoutStates;
use Sylius\Component\Core\Repository\OrderRepositoryInterface;
use Sylius\Component\Order\SyliusCartEvents;
use Sylius\Resource\Model\ResourceInterface;
use Symfony\Component\EventDispatcher\EventDispatcherInterface;
use Symfony\Component\EventDispatcher\GenericEvent;
use Symfony\Component\Form\FormFactoryInterface;
use Symfony\UX\LiveComponent\Attribute\LiveAction;
use Symfony\UX\LiveComponent\Attribute\LiveArg;
use Symfony\UX\LiveComponent\Attribute\PreReRender;
use Symfony\UX\LiveComponent\ComponentToolsTrait;

class FormComponent
{
    use ComponentToolsTrait;

    /** @use ResourceFormComponentTrait<OrderInterface> */
    use ResourceFormComponentTrait;

    use TemplatePropTrait;

    public const SYLIUS_SHOP_CART_CHANGED = 'sylius:shop:cart_changed';

    public const SYLIUS_SHOP_CART_CLEARED = 'sylius:shop:cart_cleared';

    public bool $shouldSaveCart = true;

    /** @param OrderRepositoryInterface<OrderInterface> $orderRepository */
    public function __construct(
        OrderRepositoryInterface $orderRepository,
        FormFactoryInterface $formFactory,
        string $resourceClass,
        string $formClass,
        protected readonly ObjectManager $manager,
        protected readonly EventDispatcherInterface $eventDispatcher,
    ) {
        $this->initialize($orderRepository, $formFactory, $resourceClass, $formClass);
    }

    public function hydrateResource(mixed $value): ?ResourceInterface
    {
        if (empty($value)) {
            return $this->createResource();
        }

        /** @var OrderInterface|null $order */
        $order = $this->repository->find($value);

        if (
            !$order instanceof OrderInterface
            || $order->getCheckoutState() === OrderCheckoutStates::STATE_COMPLETED
        ) {
            return $this->createResource();
        }

        return $order;
    }

    #[PreReRender(priority: -100)]
    public function saveCart(): void
    {
        if ($this->shouldSaveCart && $this->resource?->getId() !== null) {
            $form = $this->getForm();
            if ($form->isValid()) {
                $this->eventDispatcher->dispatch(new GenericEvent($form->getData()), SyliusCartEvents::CART_CHANGE);
                $this->manager->flush();
                $this->emit(self::SYLIUS_SHOP_CART_CHANGED, ['cartId' => $this->resource->getId()]);
            }
        }
    }

    #[LiveAction]
    public function removeItem(#[LiveArg] int $index): void
    {
        if ($this->resource?->getId() === null) {
            return;
        }

        $data = $this->formValues['items'];
        unset($data[$index]);
        $this->formValues['items'] = array_values($data);

        $orderItem = $this->resource->getItems()->get($index);
        $this->eventDispatcher->dispatch(new GenericEvent($orderItem), SyliusCartEvents::CART_ITEM_REMOVE);

        $this->manager->persist($this->resource);
        $this->manager->flush();
        $this->manager->refresh($this->resource);

        $this->shouldSaveCart = false;
        $this->submitForm();
        $this->emit(self::SYLIUS_SHOP_CART_CHANGED, ['cartId' => $this->resource->getId()]);
    }

    #[LiveAction]
    public function clearCart(): void
    {
        if ($this->resource?->getId() === null) {
            return;
        }

        $this->formValues['items'] = [];
        $this->eventDispatcher->dispatch(new GenericEvent($this->resource), SyliusCartEvents::CART_CLEAR);
        $this->manager->remove($this->resource);
        $this->manager->flush();

        $this->resource = $this->createResource();
        $this->resetForm();
        $this->isValidated = false;
        $this->validatedFields = [];

        $this->shouldSaveCart = false;
        $this->submitForm();
        $this->emit(self::SYLIUS_SHOP_CART_CLEARED);
    }

    #[LiveAction]
    public function removeCoupon(): void
    {
        $this->formValues['promotionCoupon'] = '';

        $this->submitForm();
    }

    private function getDataModelValue(): string
    {
        return 'debounce(500)|*';
    }
}

Step 2. Override the Sylius service in config/services.yaml

Append to the application's config/services.yaml (or a dedicated file loaded by the kernel, e.g. config/packages/sylius_security_cart.yaml):

services:
    sylius_shop.twig.component.cart.form:
        class: App\Twig\Component\Cart\FormComponent
        arguments:
            - '@sylius.repository.order'
            - '@form.factory'
            - '%sylius.model.order.class%'
            - 'Sylius\Bundle\ShopBundle\Form\Type\CartType'
            - '@doctrine.orm.entity_manager'
            - '@event_dispatcher'
        calls:
            - [setLiveResponder, ['@ux.live_component.live_responder']]
        tags:
            - { name: sylius.live_component.shop, key: 'sylius_shop:cart:form' }

This redeclares the existing Sylius service id sylius_shop.twig.component.cart.form so it instantiates the patched class from App\ while preserving every argument, call and tag from the original Sylius XML definition. The cart twig hook keeps resolving to the same Live Component key (sylius_shop:cart:form).

Step 3. Clear the cache

bin/console cache:clear

Reporters

We would like to extend our gratitude to the following individuals for their detailed reporting and responsible disclosure of this vulnerability: - Kévin Gonella (@kgonella) - Sam V.

For more information

If there are any questions or comments about this advisory:

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "sylius/sylius"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.0.18"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "sylius/sylius"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.1.0"
            },
            {
              "fixed": "2.1.15"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "sylius/sylius"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.2.0"
            },
            {
              "fixed": "2.2.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-53637"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-672",
      "CWE-841"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-07-09T21:03:41Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "### Impact\nA user opens the cart page in the browser. In the background, the order gets completed, e.g. an admin changes the status, or the user finalizes payment in another tab. The browser still displays the old cart: the LiveComponent is unaware the underlying order state has changed.\n\nIf the user then:\n\n- **clears the cart** \u2192 `clearCart()` calls `manager-\u003eremove()` on the\n  completed order: the order is permanently **deleted** from the database;\n- **removes a product** \u2192 `removeItem()` mutates an item on the completed\n  order;\n- **changes quantity** \u2192 `saveCart()` overwrites data on the completed order.\n\nIn all cases, the customer\u0027s order data is irreversibly corrupted or lost, even though the order has already been placed and paid for. The same vector can be triggered deliberately by an authenticated customer (keep the cart page open, complete checkout in another tab, then modify the \"cart\" to add quantity beyond what was paid for).\n\n### Patches\nThe issue is fixed in versions: 2.0.18, 2.1.15, 2.2.6 and above.\n\n### Workarounds\nIf users cannot update Sylius immediately, they should create a patched copy of the affected class in their application\u0027s `src/` directory and override the Sylius service definition to use it.\n\n#### Step 1. Create `src/Twig/Component/Cart/FormComponent.php`\n\n```php\n\u003c?php\n\ndeclare(strict_types=1);\n\nnamespace App\\Twig\\Component\\Cart;\n\nuse Doctrine\\Persistence\\ObjectManager;\nuse Sylius\\Bundle\\UiBundle\\Twig\\Component\\ResourceFormComponentTrait;\nuse Sylius\\Bundle\\UiBundle\\Twig\\Component\\TemplatePropTrait;\nuse Sylius\\Component\\Core\\Model\\OrderInterface;\nuse Sylius\\Component\\Core\\OrderCheckoutStates;\nuse Sylius\\Component\\Core\\Repository\\OrderRepositoryInterface;\nuse Sylius\\Component\\Order\\SyliusCartEvents;\nuse Sylius\\Resource\\Model\\ResourceInterface;\nuse Symfony\\Component\\EventDispatcher\\EventDispatcherInterface;\nuse Symfony\\Component\\EventDispatcher\\GenericEvent;\nuse Symfony\\Component\\Form\\FormFactoryInterface;\nuse Symfony\\UX\\LiveComponent\\Attribute\\LiveAction;\nuse Symfony\\UX\\LiveComponent\\Attribute\\LiveArg;\nuse Symfony\\UX\\LiveComponent\\Attribute\\PreReRender;\nuse Symfony\\UX\\LiveComponent\\ComponentToolsTrait;\n\nclass FormComponent\n{\n    use ComponentToolsTrait;\n\n    /** @use ResourceFormComponentTrait\u003cOrderInterface\u003e */\n    use ResourceFormComponentTrait;\n\n    use TemplatePropTrait;\n\n    public const SYLIUS_SHOP_CART_CHANGED = \u0027sylius:shop:cart_changed\u0027;\n\n    public const SYLIUS_SHOP_CART_CLEARED = \u0027sylius:shop:cart_cleared\u0027;\n\n    public bool $shouldSaveCart = true;\n\n    /** @param OrderRepositoryInterface\u003cOrderInterface\u003e $orderRepository */\n    public function __construct(\n        OrderRepositoryInterface $orderRepository,\n        FormFactoryInterface $formFactory,\n        string $resourceClass,\n        string $formClass,\n        protected readonly ObjectManager $manager,\n        protected readonly EventDispatcherInterface $eventDispatcher,\n    ) {\n        $this-\u003einitialize($orderRepository, $formFactory, $resourceClass, $formClass);\n    }\n\n    public function hydrateResource(mixed $value): ?ResourceInterface\n    {\n        if (empty($value)) {\n            return $this-\u003ecreateResource();\n        }\n\n        /** @var OrderInterface|null $order */\n        $order = $this-\u003erepository-\u003efind($value);\n\n        if (\n            !$order instanceof OrderInterface\n            || $order-\u003egetCheckoutState() === OrderCheckoutStates::STATE_COMPLETED\n        ) {\n            return $this-\u003ecreateResource();\n        }\n\n        return $order;\n    }\n\n    #[PreReRender(priority: -100)]\n    public function saveCart(): void\n    {\n        if ($this-\u003eshouldSaveCart \u0026\u0026 $this-\u003eresource?-\u003egetId() !== null) {\n            $form = $this-\u003egetForm();\n            if ($form-\u003eisValid()) {\n                $this-\u003eeventDispatcher-\u003edispatch(new GenericEvent($form-\u003egetData()), SyliusCartEvents::CART_CHANGE);\n                $this-\u003emanager-\u003eflush();\n                $this-\u003eemit(self::SYLIUS_SHOP_CART_CHANGED, [\u0027cartId\u0027 =\u003e $this-\u003eresource-\u003egetId()]);\n            }\n        }\n    }\n\n    #[LiveAction]\n    public function removeItem(#[LiveArg] int $index): void\n    {\n        if ($this-\u003eresource?-\u003egetId() === null) {\n            return;\n        }\n\n        $data = $this-\u003eformValues[\u0027items\u0027];\n        unset($data[$index]);\n        $this-\u003eformValues[\u0027items\u0027] = array_values($data);\n\n        $orderItem = $this-\u003eresource-\u003egetItems()-\u003eget($index);\n        $this-\u003eeventDispatcher-\u003edispatch(new GenericEvent($orderItem), SyliusCartEvents::CART_ITEM_REMOVE);\n\n        $this-\u003emanager-\u003epersist($this-\u003eresource);\n        $this-\u003emanager-\u003eflush();\n        $this-\u003emanager-\u003erefresh($this-\u003eresource);\n\n        $this-\u003eshouldSaveCart = false;\n        $this-\u003esubmitForm();\n        $this-\u003eemit(self::SYLIUS_SHOP_CART_CHANGED, [\u0027cartId\u0027 =\u003e $this-\u003eresource-\u003egetId()]);\n    }\n\n    #[LiveAction]\n    public function clearCart(): void\n    {\n        if ($this-\u003eresource?-\u003egetId() === null) {\n            return;\n        }\n\n        $this-\u003eformValues[\u0027items\u0027] = [];\n        $this-\u003eeventDispatcher-\u003edispatch(new GenericEvent($this-\u003eresource), SyliusCartEvents::CART_CLEAR);\n        $this-\u003emanager-\u003eremove($this-\u003eresource);\n        $this-\u003emanager-\u003eflush();\n\n        $this-\u003eresource = $this-\u003ecreateResource();\n        $this-\u003eresetForm();\n        $this-\u003eisValidated = false;\n        $this-\u003evalidatedFields = [];\n\n        $this-\u003eshouldSaveCart = false;\n        $this-\u003esubmitForm();\n        $this-\u003eemit(self::SYLIUS_SHOP_CART_CLEARED);\n    }\n\n    #[LiveAction]\n    public function removeCoupon(): void\n    {\n        $this-\u003eformValues[\u0027promotionCoupon\u0027] = \u0027\u0027;\n\n        $this-\u003esubmitForm();\n    }\n\n    private function getDataModelValue(): string\n    {\n        return \u0027debounce(500)|*\u0027;\n    }\n}\n```\n\n#### Step 2. Override the Sylius service in `config/services.yaml`\n\nAppend to the application\u0027s `config/services.yaml` (or a dedicated file loaded by the kernel, e.g. `config/packages/sylius_security_cart.yaml`):\n\n```yaml\nservices:\n    sylius_shop.twig.component.cart.form:\n        class: App\\Twig\\Component\\Cart\\FormComponent\n        arguments:\n            - \u0027@sylius.repository.order\u0027\n            - \u0027@form.factory\u0027\n            - \u0027%sylius.model.order.class%\u0027\n            - \u0027Sylius\\Bundle\\ShopBundle\\Form\\Type\\CartType\u0027\n            - \u0027@doctrine.orm.entity_manager\u0027\n            - \u0027@event_dispatcher\u0027\n        calls:\n            - [setLiveResponder, [\u0027@ux.live_component.live_responder\u0027]]\n        tags:\n            - { name: sylius.live_component.shop, key: \u0027sylius_shop:cart:form\u0027 }\n```\n\nThis redeclares the existing Sylius service id `sylius_shop.twig.component.cart.form` so it instantiates the patched class from `App\\` while preserving every argument, call and tag from the original Sylius XML definition. The cart twig hook keeps resolving to the same Live Component key (`sylius_shop:cart:form`).\n\n#### Step 3. Clear the cache\n\n```bash\nbin/console cache:clear\n```\n\n### Reporters\n\nWe would like to extend our gratitude to the following individuals for their detailed reporting and responsible disclosure of this vulnerability:\n- K\u00e9vin Gonella (@kgonella)\n- Sam V.\n\n### For more information\n\nIf there are any questions or comments about this advisory:\n\n- Open an issue in [Sylius issues](https://github.com/Sylius/Sylius/issues?q=sort%3Aupdated-desc+is%3Aissue+is%3Aopen)\n- Send an email to [security@sylius.com](mailto:security@sylius.com)",
  "id": "GHSA-5597-7rmh-97q5",
  "modified": "2026-07-09T21:03:41Z",
  "published": "2026-07-09T21:03:41Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/Sylius/Sylius/security/advisories/GHSA-5597-7rmh-97q5"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Sylius/Sylius"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Sylius: Cart FormComponent allows modification or deletion of an already-completed order"
}

GHSA-5QW6-59G4-VVQW

Vulnerability from github – Published: 2026-06-25 15:32 – Updated: 2026-06-25 15:32
VLAI
Details

Our payment integration with Computop-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one payment.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-13223"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-841"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-25T15:16:34Z",
    "severity": "MODERATE"
  },
  "details": "Our payment integration with Computop-based payment methods did not \nproperly validate payment status responses. An attacker could use a \nsuccessful payment status response from one payment and supply it to the\n system for a different payment, gaining access to multiple valid \ntickets with only one payment.",
  "id": "GHSA-5qw6-59g4-vvqw",
  "modified": "2026-06-25T15:32:02Z",
  "published": "2026-06-25T15:32:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-13223"
    },
    {
      "type": "WEB",
      "url": "https://pretix.eu/about/en/blog/20260625-release-2026-5-2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-62MF-VHHW-XMF8

Vulnerability from github – Published: 2025-05-23 16:11 – Updated: 2025-05-23 18:46
VLAI
Summary
DNN site Import could use an external source with a crafted request
Details

A malicious SuperUser (Host) could craft a request to use an external url for a site export to then be imported.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "DotNetNuke.SiteExportImport"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.13.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-48376"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-841"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-05-23T16:11:14Z",
    "nvd_published_at": "2025-05-23T16:15:27Z",
    "severity": "LOW"
  },
  "details": "A malicious SuperUser (Host) could craft a request to use an external url for a site export to then be imported.",
  "id": "GHSA-62mf-vhhw-xmf8",
  "modified": "2025-05-23T18:46:09Z",
  "published": "2025-05-23T16:11:14Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-62mf-vhhw-xmf8"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48376"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dnnsoftware/Dnn.Platform/commit/13fb13ee76173c3467d7ee8d120b20ca7bd4fa63"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/dnnsoftware/Dnn.Platform"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "DNN site Import could use an external source with a crafted request"
}

GHSA-6XPP-JM6C-3V96

Vulnerability from github – Published: 2023-08-06 09:30 – Updated: 2023-08-06 09:30
VLAI
Details

A vulnerability, which was classified as critical, has been found in SourceCodester Free Hospital Management System for Small Practices 1.0. Affected by this issue is some unknown functionality of the file /vm/admin/delete-doctor.php?id=2 of the component Redirect Handler. The manipulation leads to enforcement of behavioral workflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-236216.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-4181"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-841"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-06T09:15:09Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability, which was classified as critical, has been found in SourceCodester Free Hospital Management System for Small Practices 1.0. Affected by this issue is some unknown functionality of the file /vm/admin/delete-doctor.php?id=2 of the component Redirect Handler. The manipulation leads to enforcement of behavioral workflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-236216.",
  "id": "GHSA-6xpp-jm6c-3v96",
  "modified": "2023-08-06T09:30:18Z",
  "published": "2023-08-06T09:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4181"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Yesec/Free-Hospital-Management-System-for-Small-Practices/blob/main/vertical%20privilege%20escalation/vuln.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.236216"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.236216"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7J6Q-QXMG-PQP2

Vulnerability from github – Published: 2024-06-18 21:30 – Updated: 2024-09-21 00:34
VLAI
Details

A vulnerability, which was classified as problematic, has been found in spa-cartcms 1.9.0.6. This issue affects some unknown processing of the file /checkout of the component Checkout Page. The manipulation of the argument quantity with the input -10 leads to enforcement of behavioral workflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268895.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-6128"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-841"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-18T21:15:56Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability, which was classified as problematic, has been found in spa-cartcms 1.9.0.6. This issue affects some unknown processing of the file /checkout of the component Checkout Page. The manipulation of the argument quantity with the input -10 leads to enforcement of behavioral workflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268895.",
  "id": "GHSA-7j6q-qxmg-pqp2",
  "modified": "2024-09-21T00:34:48Z",
  "published": "2024-06-18T21:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6128"
    },
    {
      "type": "WEB",
      "url": "https://msecureltd.blogspot.com/2024/04/friday-fun-pentest-series-5-spa.html"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/fulldisclosure/2024/Jun/6"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.268895"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.268895"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.