Package
pimcore/customer-management-framework-bundle
(Composer)
Affected versions
< 3.3.9
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session.
You signed out in another tab or window. Reload to refresh your session.
Impact
Business Logic Errors in the Conditions tab since the counter can be a negative number.
This vulnerability is capable of the unlogic in the counter value in the Conditions tab.
Patches
Update to version 3.3.9 or apply this patch manually https://github.com/pimcore/customer-data-framework/commit/e3f333391582d9309115e6b94e875367d0ea7163.patch
Workarounds
Apply https://github.com/pimcore/customer-data-framework/commit/e3f333391582d9309115e6b94e875367d0ea7163.patch manually.
References
https://huntr.dev/bounties/cecd7800-a996-4f3a-8689-e1c2a1e0248a/