CVSS Score

The vulnerability stemmed from a middleware restructuring in Saleor 2.7.0 in which core Django middleware components (including CSRF protection) were wrapped with `django_only_middleware` to exclude them from API requests. The `django_csrf_view_middleware` in `saleor/core/middleware.py` replaced Django's standard `CsrfViewMiddleware`, but the conditional logic (skipping the middleware for API paths) likely caused improper exclusion of CSRF checks on critical non-API endpoints as well. The fix in 2.8.0 reverted to the original Django middleware configuration, confirming that the custom wrapper was the root cause.
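To make the failure mode concrete, here is an added example (not Saleor's code): a hypothetical `only_when` wrapper in the style of the `django_only_middleware` pattern described above, a toy stand-in for Django's `CsrfViewMiddleware`, and an audit helper that lists which paths a token-less POST reaches without a CSRF check. The predicate names, the `/graphql/` API route and the sample paths are constructed assumptions, and the loose prefix match is an illustrative slip, not the actual Saleor defect.

```python
"""Hypothetical illustration of a conditional middleware wrapper silently
dropping CSRF checks from non-API views. Not Saleor's code; all paths and
predicates are constructed for this example."""
from typing import Callable, Dict, Iterable, List

# Constructed stand-in for a Django request: {"path", "method", "csrf"}.
Request = Dict[str, str]
Handler = Callable[[Request], str]

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}


def csrf_view_middleware(get_response: Handler) -> Handler:
    """Toy stand-in for CsrfViewMiddleware: reject unsafe requests with no token."""
    def middleware(request: Request) -> str:
        if request["method"] not in SAFE_METHODS and not request.get("csrf"):
            return "403 CSRF verification failed"
        return get_response(request)
    return middleware


def only_when(predicate: Callable[[Request], bool],
              inner: Callable[[Handler], Handler]) -> Callable[[Handler], Handler]:
    """Apply `inner` only when predicate(request) is true; otherwise bypass it.
    This is the wrapper pattern the advisory describes (hypothetical shape)."""
    def factory(get_response: Handler) -> Handler:
        wrapped = inner(get_response)
        def middleware(request: Request) -> str:
            return wrapped(request) if predicate(request) else get_response(request)
        return middleware
    return factory


def loose_is_not_api(request: Request) -> bool:
    # Prefix match: any route that merely begins with /graphql is treated as API.
    return not request["path"].startswith("/graphql")


def strict_is_not_api(request: Request) -> bool:
    # Exact match on the single intended API route (assumed to be /graphql/).
    return request["path"] != "/graphql/"


def view(request: Request) -> str:
    return "200 OK"


def unprotected_paths(predicate: Callable[[Request], bool], paths: Iterable[str]) -> List[str]:
    """Audit helper: paths where a POST with no CSRF token is still served,
    i.e. where the wrapper skipped the CSRF middleware entirely."""
    handler = only_when(predicate, csrf_view_middleware)(view)
    return [p for p in paths if handler({"path": p, "method": "POST", "csrf": ""}) == "200 OK"]


if __name__ == "__main__":
    sample = ["/graphql/", "/graphql-admin/", "/dashboard/", "/account/password/"]
    print("loose :", unprotected_paths(loose_is_not_api, sample))   # API route plus an unintended one
    print("strict:", unprotected_paths(strict_is_not_api, sample))  # API route only
```

Running the audit against the real URL table after any middleware restructuring is the check that would have caught a regression of this kind before release.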
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| saleor | pip | = 2.7.0 | 2.8.0 |