Moderately Critical Commerce Elavon Security Update

Staff Reporter

The Commerce Elavon module enables you to accept payments from the Elavon payment provider.

The module doesn't sufficiently verify that it's communicating with the correct server when using the Elavon (On-site) payment gateway, which could lead to leaking valid payment details as well as accepting invalid payment details.

This vulnerability is mitigated by the fact that an attacker must be able to spoof the Elavon DNS received by your site.

Solution:
Install the latest version:

If you use the Commerce Elavon module for Drupal 8.x/9.x, upgrade to Commerce Elavon 8.x-2.3
If you use the Commerce Elavon module version 1.x for Drupal 7.x, upgrade to Commerce Elavon 7.x-1.5

Source:

Commerce Elavon - Moderately Critical

Click here to follow us on LinkedIn

Comment

Note: The vision of this web portal is to help promote news and stories around the Drupal community and promote and celebrate the people and organizations in the community. We strive to create and distribute our content based on these content policy. If you see any omission/variation on this please let us know in the comments below and we will try to address the issue as best we can.

Security Update