[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-47744":6},{"stargazers_count":4,"fetched_at":5},6,"2026-05-30T16:49:21.812Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":830,"aliases":831,"duplicate_of":9,"upstream":832,"downstream":833,"duplicates":834,"related":835,"reserved_at":9,"published_at":836,"modified_at":837,"state":838,"summary":839,"references_raw":846,"kevs":853,"epss":9,"epss_history":854,"metrics":855,"affected":863},"CVE-2026-47744","Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, two distinct authorization defects in the team settings allowed any authenticated panel user to take over the RBAC system. Settings/Team/Index had no mount() authorization. Any authenticated user could load the page and use its public actions to create new roles and delete other users, including administrators. Settings/Team/RolePermission gated its write actions on the read-only view_users permission. Any user holding view_users could grant themselves or any other user arbitrary permissions, including manage_users and edit_orders, effectively escalating to full panel administrator from a read-only account. Combined, these two defects allow a low-privilege authenticated user to obtain administrator privileges and remove the legitimate administrators from the panel. This vulnerability is fixed in 2.8.0.",null,[11,264],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-269","Improper Privilege Management","The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.","weakness","Draft","Class","Medium",[20,182,260],{"id":21,"name":22,"techniques":23},"CAPEC-122","Privilege Abuse",[24],{"id":25,"name":26,"tactics":27,"countermeasures":34},"T1548","Abuse Elevation Control Mechanism",[28,31],{"id":29,"name":30},"TA0030","Defense Evasion",{"id":32,"name":33},"TA0111","Privilege Escalation",[35,40,44,48,52,57,61,65,69,73,77,81,85,89,94,98,103,108,112,116,120,125,129,133,137,141,146,150,154,158,162,166,170,174,178],{"id":36,"name":37,"tactic":38},"D3-CI","Configuration Inventory",{"name":39},"Model",{"id":41,"name":42,"tactic":43},"D3-AM","Access Modeling",{"name":39},{"id":45,"name":46,"tactic":47},"D3-DI","Data Inventory",{"name":39},{"id":49,"name":50,"tactic":51},"D3-NTPM","Network Traffic Policy Mapping",{"name":39},{"id":53,"name":54,"tactic":55},"D3-AEM","Application Exception Monitoring",{"name":56},"Detect",{"id":58,"name":59,"tactic":60},"D3-SCA","System Call Analysis",{"name":56},{"id":62,"name":63,"tactic":64},"D3-SFA","System File Analysis",{"name":56},{"id":66,"name":67,"tactic":68},"D3-FA","File Analysis",{"name":56},{"id":70,"name":71,"tactic":72},"D3-FIM","File Integrity Monitoring",{"name":56},{"id":74,"name":75,"tactic":76},"D3-OPM","Operational Process Monitoring",{"name":56},{"id":78,"name":79,"tactic":80},"D3-DA","Dynamic Analysis",{"name":56},{"id":82,"name":83,"tactic":84},"D3-EFA","Emulated File Analysis",{"name":56},{"id":86,"name":87,"tactic":88},"D3-PSA","Process Spawn Analysis",{"name":56},{"id":90,"name":91,"tactic":92},"D3-FEV","File Eviction",{"name":93},"Evict",{"id":95,"name":96,"tactic":97},"D3-AL","Account Locking",{"name":93},{"id":99,"name":100,"tactic":101},"D3-DF","Decoy File",{"name":102},"Deceive",{"id":104,"name":105,"tactic":106},"D3-FE","File Encryption",{"name":107},"Harden",{"id":109,"name":110,"tactic":111},"D3-AA","Agent Authentication",{"name":107},{"id":113,"name":114,"tactic":115},"D3-CDP","Change Default Password",{"name":107},{"id":117,"name":118,"tactic":119},"D3-SCP","System Configuration Permissions",{"name":107},{"id":121,"name":122,"tactic":123},"D3-RC","Restore Configuration",{"name":124},"Restore",{"id":126,"name":127,"tactic":128},"D3-RF","Restore File",{"name":124},{"id":130,"name":131,"tactic":132},"D3-ULA","Unlock Account",{"name":124},{"id":134,"name":135,"tactic":136},"D3-RUAA","Restore User Account Access",{"name":124},{"id":138,"name":139,"tactic":140},"D3-RD","Restore Database",{"name":124},{"id":142,"name":143,"tactic":144},"D3-SCF","System Call Filtering",{"name":145},"Isolate",{"id":147,"name":148,"tactic":149},"D3-CF","Content Filtering",{"name":145},{"id":151,"name":152,"tactic":153},"D3-LFP","Local File Permissions",{"name":145},{"id":155,"name":156,"tactic":157},"D3-RFAM","Remote File Access Mediation",{"name":145},{"id":159,"name":160,"tactic":161},"D3-CQ","Content Quarantine",{"name":145},{"id":163,"name":164,"tactic":165},"D3-CM","Content Modification",{"name":145},{"id":167,"name":168,"tactic":169},"D3-UAP","User Account Permissions",{"name":145},{"id":171,"name":172,"tactic":173},"D3-EAL","Executable Allowlisting",{"name":145},{"id":175,"name":176,"tactic":177},"D3-EDL","Executable Denylisting",{"name":145},{"id":179,"name":180,"tactic":181},"D3-HBPI","Hardware-based Process Isolation",{"name":145},{"id":183,"name":33,"techniques":184},"CAPEC-233",[185],{"id":25,"name":26,"tactics":186,"countermeasures":189},[187,188],{"id":29,"name":30},{"id":32,"name":33},[190,192,194,196,198,200,202,204,206,208,210,212,214,216,218,220,222,224,226,228,230,232,234,236,238,240,242,244,246,248,250,252,254,256,258],{"id":36,"name":37,"tactic":191},{"name":39},{"id":41,"name":42,"tactic":193},{"name":39},{"id":45,"name":46,"tactic":195},{"name":39},{"id":49,"name":50,"tactic":197},{"name":39},{"id":53,"name":54,"tactic":199},{"name":56},{"id":58,"name":59,"tactic":201},{"name":56},{"id":62,"name":63,"tactic":203},{"name":56},{"id":66,"name":67,"tactic":205},{"name":56},{"id":70,"name":71,"tactic":207},{"name":56},{"id":74,"name":75,"tactic":209},{"name":56},{"id":78,"name":79,"tactic":211},{"name":56},{"id":82,"name":83,"tactic":213},{"name":56},{"id":86,"name":87,"tactic":215},{"name":56},{"id":90,"name":91,"tactic":217},{"name":93},{"id":95,"name":96,"tactic":219},{"name":93},{"id":99,"name":100,"tactic":221},{"name":102},{"id":104,"name":105,"tactic":223},{"name":107},{"id":109,"name":110,"tactic":225},{"name":107},{"id":113,"name":114,"tactic":227},{"name":107},{"id":117,"name":118,"tactic":229},{"name":107},{"id":121,"name":122,"tactic":231},{"name":124},{"id":126,"name":127,"tactic":233},{"name":124},{"id":130,"name":131,"tactic":235},{"name":124},{"id":134,"name":135,"tactic":237},{"name":124},{"id":138,"name":139,"tactic":239},{"name":124},{"id":142,"name":143,"tactic":241},{"name":145},{"id":147,"name":148,"tactic":243},{"name":145},{"id":151,"name":152,"tactic":245},{"name":145},{"id":155,"name":156,"tactic":247},{"name":145},{"id":159,"name":160,"tactic":249},{"name":145},{"id":163,"name":164,"tactic":251},{"name":145},{"id":167,"name":168,"tactic":253},{"name":145},{"id":171,"name":172,"tactic":255},{"name":145},{"id":175,"name":176,"tactic":257},{"name":145},{"id":179,"name":180,"tactic":259},{"name":145},{"id":261,"name":262,"techniques":263},"CAPEC-58","Restful Privilege Elevation",[],{"_key":265,"id":265,"name":266,"description":267,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":268,"capec":269},"CWE-285","Improper Authorization","The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.","High",[270,310,314,348,479,521,525,529,533,537,541,545,706,788,818,822,826],{"id":271,"name":272,"techniques":273},"CAPEC-1","Accessing Functionality Not Properly Constrained by ACLs",[274],{"id":275,"name":276,"tactics":277,"countermeasures":289},"T1574.010","Services File Permissions Weakness",[278,281,282,283,286],{"id":279,"name":280},"TA0110","Persistence",{"id":32,"name":33},{"id":29,"name":30},{"id":284,"name":285},"TA0005","Stealth",{"id":287,"name":288},"TA0104","Execution",[290,294,298,302,306],{"id":291,"name":292,"tactic":293},"D3-SWI","Software Inventory",{"name":39},{"id":295,"name":296,"tactic":297},"D3-AVE","Asset Vulnerability Enumeration",{"name":39},{"id":299,"name":300,"tactic":301},"D3-SBV","Service Binary Verification",{"name":56},{"id":303,"name":304,"tactic":305},"D3-SU","Software Update",{"name":107},{"id":307,"name":308,"tactic":309},"D3-RS","Restore Software",{"name":124},{"id":311,"name":312,"techniques":313},"CAPEC-104","Cross Zone Scripting",[],{"id":315,"name":316,"techniques":317},"CAPEC-127","Directory Indexing",[318],{"id":319,"name":320,"tactics":321,"countermeasures":325},"T1083","File and Directory Discovery",[322],{"id":323,"name":324},"TA0102","Discovery",[326,328,330,332,334,336,338,340,342,344,346],{"id":66,"name":67,"tactic":327},{"name":56},{"id":70,"name":71,"tactic":329},{"name":56},{"id":90,"name":91,"tactic":331},{"name":93},{"id":99,"name":100,"tactic":333},{"name":102},{"id":104,"name":105,"tactic":335},{"name":107},{"id":126,"name":127,"tactic":337},{"name":124},{"id":151,"name":152,"tactic":339},{"name":145},{"id":147,"name":148,"tactic":341},{"name":145},{"id":155,"name":156,"tactic":343},{"name":145},{"id":159,"name":160,"tactic":345},{"name":145},{"id":163,"name":164,"tactic":347},{"name":145},{"id":349,"name":350,"techniques":351},"CAPEC-13","Subverting Environment Variable Values",[352,405,439],{"id":353,"name":354,"tactics":355,"countermeasures":358},"T1562.003","Impair Command History Logging",[356,357],{"id":29,"name":30},{"id":284,"name":285},[359,361,363,365,367,369,371,375,377,381,385,387,389,391,393,395,397,399,401,403],{"id":36,"name":37,"tactic":360},{"name":39},{"id":66,"name":67,"tactic":362},{"name":56},{"id":70,"name":71,"tactic":364},{"name":56},{"id":78,"name":79,"tactic":366},{"name":56},{"id":82,"name":83,"tactic":368},{"name":56},{"id":90,"name":91,"tactic":370},{"name":93},{"id":372,"name":373,"tactic":374},"D3-RKD","Registry Key Deletion",{"name":93},{"id":99,"name":100,"tactic":376},{"name":102},{"id":378,"name":379,"tactic":380},"D3-DRA","Disable Remote Access",{"name":107},{"id":382,"name":383,"tactic":384},"D3-ACH","Application Configuration Hardening",{"name":107},{"id":104,"name":105,"tactic":386},{"name":107},{"id":121,"name":122,"tactic":388},{"name":124},{"id":126,"name":127,"tactic":390},{"name":124},{"id":159,"name":160,"tactic":392},{"name":145},{"id":147,"name":148,"tactic":394},{"name":145},{"id":151,"name":152,"tactic":396},{"name":145},{"id":155,"name":156,"tactic":398},{"name":145},{"id":163,"name":164,"tactic":400},{"name":145},{"id":171,"name":172,"tactic":402},{"name":145},{"id":175,"name":176,"tactic":404},{"name":145},{"id":406,"name":407,"tactics":408,"countermeasures":414},"T1574.006","Dynamic Linker Hijacking",[409,410,411,412,413],{"id":279,"name":280},{"id":32,"name":33},{"id":29,"name":30},{"id":284,"name":285},{"id":287,"name":288},[415,417,419,421,423,425,427,429,431,433,435,437],{"id":62,"name":63,"tactic":416},{"name":56},{"id":66,"name":67,"tactic":418},{"name":56},{"id":70,"name":71,"tactic":420},{"name":56},{"id":90,"name":91,"tactic":422},{"name":93},{"id":99,"name":100,"tactic":424},{"name":102},{"id":104,"name":105,"tactic":426},{"name":107},{"id":126,"name":127,"tactic":428},{"name":124},{"id":147,"name":148,"tactic":430},{"name":145},{"id":151,"name":152,"tactic":432},{"name":145},{"id":155,"name":156,"tactic":434},{"name":145},{"id":159,"name":160,"tactic":436},{"name":145},{"id":163,"name":164,"tactic":438},{"name":145},{"id":440,"name":441,"tactics":442,"countermeasures":448},"T1574.007","Path Interception by PATH Environment Variable",[443,444,445,446,447],{"id":279,"name":280},{"id":32,"name":33},{"id":29,"name":30},{"id":284,"name":285},{"id":287,"name":288},[449,451,453,455,457,459,461,463,465,467,469,471,473,475,477],{"id":66,"name":67,"tactic":450},{"name":56},{"id":70,"name":71,"tactic":452},{"name":56},{"id":78,"name":79,"tactic":454},{"name":56},{"id":82,"name":83,"tactic":456},{"name":56},{"id":90,"name":91,"tactic":458},{"name":93},{"id":99,"name":100,"tactic":460},{"name":102},{"id":104,"name":105,"tactic":462},{"name":107},{"id":126,"name":127,"tactic":464},{"name":124},{"id":147,"name":148,"tactic":466},{"name":145},{"id":151,"name":152,"tactic":468},{"name":145},{"id":155,"name":156,"tactic":470},{"name":145},{"id":159,"name":160,"tactic":472},{"name":145},{"id":163,"name":164,"tactic":474},{"name":145},{"id":171,"name":172,"tactic":476},{"name":145},{"id":175,"name":176,"tactic":478},{"name":145},{"id":480,"name":481,"techniques":482},"CAPEC-17","Using Malicious Files",[483,503],{"id":484,"name":485,"tactics":486,"countermeasures":492},"T1574.005","Executable Installer File Permissions Weakness",[487,488,489,490,491],{"id":279,"name":280},{"id":32,"name":33},{"id":29,"name":30},{"id":284,"name":285},{"id":287,"name":288},[493,495,497,499,501],{"id":291,"name":292,"tactic":494},{"name":39},{"id":295,"name":296,"tactic":496},{"name":39},{"id":299,"name":300,"tactic":498},{"name":56},{"id":303,"name":304,"tactic":500},{"name":107},{"id":307,"name":308,"tactic":502},{"name":124},{"id":275,"name":276,"tactics":504,"countermeasures":510},[505,506,507,508,509],{"id":279,"name":280},{"id":32,"name":33},{"id":29,"name":30},{"id":284,"name":285},{"id":287,"name":288},[511,513,515,517,519],{"id":291,"name":292,"tactic":512},{"name":39},{"id":295,"name":296,"tactic":514},{"name":39},{"id":299,"name":300,"tactic":516},{"name":56},{"id":303,"name":304,"tactic":518},{"name":107},{"id":307,"name":308,"tactic":520},{"name":124},{"id":522,"name":523,"techniques":524},"CAPEC-39","Manipulating Opaque Client-based Data Tokens",[],{"id":526,"name":527,"techniques":528},"CAPEC-402","Bypassing ATA Password Security",[],{"id":530,"name":531,"techniques":532},"CAPEC-45","Buffer Overflow via Symbolic Links",[],{"id":534,"name":535,"techniques":536},"CAPEC-5","Blue Boxing",[],{"id":538,"name":539,"techniques":540},"CAPEC-51","Poison Web Service Registry",[],{"id":542,"name":543,"techniques":544},"CAPEC-59","Session Credential Falsification through Prediction",[],{"id":546,"name":547,"techniques":548},"CAPEC-60","Reusing Session IDs (aka Session Replay)",[549,601],{"id":550,"name":551,"tactics":552,"countermeasures":556},"T1134.001","Token Impersonation/Theft",[553,554,555],{"id":29,"name":30},{"id":284,"name":285},{"id":32,"name":33},[557,561,565,569,573,577,581,585,589,593,597],{"id":558,"name":559,"tactic":560},"D3-CCSA","Credential Compromise Scope Analysis",{"name":56},{"id":562,"name":563,"tactic":564},"D3-CR","Credential Revocation",{"name":93},{"id":566,"name":567,"tactic":568},"D3-ANCI","Authentication Cache Invalidation",{"name":93},{"id":570,"name":571,"tactic":572},"D3-DUC","Decoy User Credential",{"name":102},{"id":574,"name":575,"tactic":576},"D3-CH","Credential Hardening",{"name":107},{"id":578,"name":579,"tactic":580},"D3-MFA","Multi-factor Authentication",{"name":107},{"id":582,"name":583,"tactic":584},"D3-CRO","Credential Rotation",{"name":107},{"id":586,"name":587,"tactic":588},"D3-TB","Token Binding",{"name":107},{"id":590,"name":591,"tactic":592},"D3-TBA","Token-based Authentication",{"name":107},{"id":594,"name":595,"tactic":596},"D3-RIC","Reissue Credential",{"name":124},{"id":598,"name":599,"tactic":600},"D3-CTS","Credential Transmission Scoping",{"name":145},{"id":602,"name":603,"tactics":604,"countermeasures":609},"T1550.004","Web Session Cookie",[605,606],{"id":29,"name":30},{"id":607,"name":608},"TA0109","Lateral Movement",[610,614,618,622,626,630,634,638,642,646,650,652,654,658,662,666,670,672,674,676,678,680,682,684,688,692,694,696,700,704],{"id":611,"name":612,"tactic":613},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":56},{"id":615,"name":616,"tactic":617},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":56},{"id":619,"name":620,"tactic":621},"D3-CSPP","Client-server Payload Profiling",{"name":56},{"id":623,"name":624,"tactic":625},"D3-PHDURA","Per Host Download-Upload Ratio Analysis",{"name":56},{"id":627,"name":628,"tactic":629},"D3-NTSA","Network Traffic Signature Analysis",{"name":56},{"id":631,"name":632,"tactic":633},"D3-APCA","Application Protocol Command Analysis",{"name":56},{"id":635,"name":636,"tactic":637},"D3-NTCD","Network Traffic Community Deviation",{"name":56},{"id":639,"name":640,"tactic":641},"D3-RTSD","Remote Terminal Session Detection",{"name":56},{"id":643,"name":644,"tactic":645},"D3-PLA","Process Lineage Analysis",{"name":56},{"id":647,"name":648,"tactic":649},"D3-PSMD","Process Self-Modification Detection",{"name":56},{"id":86,"name":87,"tactic":651},{"name":56},{"id":558,"name":559,"tactic":653},{"name":56},{"id":655,"name":656,"tactic":657},"D3-PT","Process Termination",{"name":93},{"id":659,"name":660,"tactic":661},"D3-PS","Process Suspension",{"name":93},{"id":663,"name":664,"tactic":665},"D3-HR","Host Reboot",{"name":93},{"id":667,"name":668,"tactic":669},"D3-HS","Host Shutdown",{"name":93},{"id":562,"name":563,"tactic":671},{"name":93},{"id":566,"name":567,"tactic":673},{"name":93},{"id":570,"name":571,"tactic":675},{"name":102},{"id":574,"name":575,"tactic":677},{"name":107},{"id":578,"name":579,"tactic":679},{"name":107},{"id":582,"name":583,"tactic":681},{"name":107},{"id":594,"name":595,"tactic":683},{"name":124},{"id":685,"name":686,"tactic":687},"D3-NTF","Network Traffic Filtering",{"name":145},{"id":689,"name":690,"tactic":691},"D3-KBPI","Kernel-based Process Isolation",{"name":145},{"id":142,"name":143,"tactic":693},{"name":145},{"id":179,"name":180,"tactic":695},{"name":145},{"id":697,"name":698,"tactic":699},"D3-ABPI","Application-based Process Isolation",{"name":145},{"id":701,"name":702,"tactic":703},"D3-WSAM","Web Session Access Mediation",{"name":145},{"id":598,"name":599,"tactic":705},{"name":145},{"id":707,"name":708,"techniques":709},"CAPEC-647","Collect Data from Registries",[710,740,756],{"id":711,"name":712,"tactics":713,"countermeasures":717},"T1005","Data from Local System",[714],{"id":715,"name":716},"TA0100","Collection",[718,720,722,724,726,728,730,732,734,736,738],{"id":66,"name":67,"tactic":719},{"name":56},{"id":70,"name":71,"tactic":721},{"name":56},{"id":90,"name":91,"tactic":723},{"name":93},{"id":99,"name":100,"tactic":725},{"name":102},{"id":104,"name":105,"tactic":727},{"name":107},{"id":126,"name":127,"tactic":729},{"name":124},{"id":147,"name":148,"tactic":731},{"name":145},{"id":151,"name":152,"tactic":733},{"name":145},{"id":155,"name":156,"tactic":735},{"name":145},{"id":159,"name":160,"tactic":737},{"name":145},{"id":163,"name":164,"tactic":739},{"name":145},{"id":741,"name":742,"tactics":743,"countermeasures":745},"T1012","Query Registry",[744],{"id":323,"name":324},[746,748,750,752,754],{"id":45,"name":46,"tactic":747},{"name":39},{"id":58,"name":59,"tactic":749},{"name":56},{"id":117,"name":118,"tactic":751},{"name":107},{"id":138,"name":139,"tactic":753},{"name":124},{"id":142,"name":143,"tactic":755},{"name":145},{"id":757,"name":758,"tactics":759,"countermeasures":763},"T1552.002","Credentials in Registry",[760],{"id":761,"name":762},"TA0031","Credential Access",[764,766,768,770,772,774,776,778,780,782,784,786],{"id":45,"name":46,"tactic":765},{"name":39},{"id":558,"name":559,"tactic":767},{"name":56},{"id":562,"name":563,"tactic":769},{"name":93},{"id":566,"name":567,"tactic":771},{"name":93},{"id":570,"name":571,"tactic":773},{"name":102},{"id":574,"name":575,"tactic":775},{"name":107},{"id":578,"name":579,"tactic":777},{"name":107},{"id":582,"name":583,"tactic":779},{"name":107},{"id":117,"name":118,"tactic":781},{"name":107},{"id":138,"name":139,"tactic":783},{"name":124},{"id":594,"name":595,"tactic":785},{"name":124},{"id":598,"name":599,"tactic":787},{"name":145},{"id":789,"name":790,"techniques":791},"CAPEC-668","Key Negotiation of Bluetooth Attack (KNOB)",[792],{"id":793,"name":794,"tactics":795,"countermeasures":799},"T1565.002","Transmitted Data Manipulation",[796],{"id":797,"name":798},"TA0105","Impact",[800,802,804,806,808,810,812,814,816],{"id":611,"name":612,"tactic":801},{"name":56},{"id":615,"name":616,"tactic":803},{"name":56},{"id":619,"name":620,"tactic":805},{"name":56},{"id":623,"name":624,"tactic":807},{"name":56},{"id":627,"name":628,"tactic":809},{"name":56},{"id":631,"name":632,"tactic":811},{"name":56},{"id":635,"name":636,"tactic":813},{"name":56},{"id":639,"name":640,"tactic":815},{"name":56},{"id":685,"name":686,"tactic":817},{"name":145},{"id":819,"name":820,"techniques":821},"CAPEC-76","Manipulating Web Input to File System Calls",[],{"id":823,"name":824,"techniques":825},"CAPEC-77","Manipulating User-Controlled Variables",[],{"id":827,"name":828,"techniques":829},"CAPEC-87","Forceful Browsing",[],[],[],[],[],[],[],"2026-05-29T17:58:21.342Z","2026-05-29T21:38:15.231Z","Deferred",{"cisa_kev":840,"cisa_ransomware":840,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":841,"severity_score":842,"severity_version":843,"severity_source":844,"severity_vector":845,"severity_status":838},false,"critical",9.9,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",[847],{"url":848,"sources":849,"tags":851},"https://github.com/shopperlabs/shopper/security/advisories/GHSA-c3qp-2ggw-xjg7",[844,850],"nvd",[852],"X Refsource CONFIRM",[],[],[856,861],{"source":844,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":857,"cvss_v4_0":9},{"baseScore":842,"baseSeverity":858,"vectorString":845,"impactScore":859,"exploitabilityScore":860},"CRITICAL",10,7.9,{"source":850,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":862,"cvss_v4_0":9},{"baseScore":842,"baseSeverity":858,"vectorString":845,"impactScore":859,"exploitabilityScore":860},[864],{"ecosystem":9,"name":865,"vendor":866,"product":865,"cpe_part":867,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":868},"shopper","shopperlabs","a",[869],{"version":870,"is_range":871,"range_type":844,"version_start":9,"version_start_type":9,"version_end":872,"version_end_type":873,"fixed_in":9},"\u003C 2.8.0",true,"2.8.0","excluding"]