cancel
Showing results for 
Search instead for 
Did you mean: 

/rest/default/V1/guest-carts/ open to DDOS

Re: /rest/default/V1/guest-carts/ open to DDOS

But the IP is not the server, the request comes from the users browser and clearly the attackers have figured out how to easily spoof the referrer etc.

 

It's insane to me this is so easily exploited without an official patch / workaround. As usual seems like Magento OS customers are just left to whither on the vine...