Commerce Klarna Checkout - Moderately critical - Access bypass - SA-CONTRIB-2018-062

Project: Commerce Klarna Checkout
Version: 7.x-1.4
Date: 2018-September-26
Security risk: *Moderately critical* 13∕25
Vulnerability: Access bypass

Description

The Commerce Klarna Checkout module enables you to accept payments from the
Klarna Checkout payment provider

The module doesn't sufficiently validate the payment callback made by Klarna.
An attacker could bypass the payment step.

Solution

 
Install the latest version:

* If you use the Commerce Klarna Checkout module for Drupal 7.x, upgrade to Commerce Klarna Checkout 7.x-1.5

Also see the Commerce Klarna Checkout project page.

Add new comment