Lucene search
Veracode Vulnerability DatabaseVERACODE:39591HistoryMar 08, 2023 - 9:51 a.m.
Information Disclosure
2023-03-0809:51:49
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
saleor
information disclosure
sensitive information
python exceptions
api
EPSS
0.001
Percentile
42.1%
saleor is vulnerable to Information Disclosure. A remote attacker is able to gain access to sensitive information such as user email addresses via improperly handled python exceptions which are returned when the API returns error messages.
References
github.com/saleor/saleor/commit/31bce881ccccf0d79a9b14ecb6ca3138d1edeec1
github.com/saleor/saleor/commit/844555cef6de0bcf957d158970313128a1c0e8eb
github.com/saleor/saleor/releases/tag/3.1.48
github.com/saleor/saleor/releases/tag/3.10.14
github.com/saleor/saleor/releases/tag/3.11.12
github.com/saleor/saleor/releases/tag/3.7.59
github.com/saleor/saleor/releases/tag/3.8.30
github.com/saleor/saleor/releases/tag/3.9.27
github.com/saleor/saleor/security/advisories/GHSA-r8qr-wwg3-2r85
Related
osv
osv
Saleor has Staff-Authenticated Error Message Information Disclosure Vulnerability via Python Exceptions
2023-03-03 22:46:04
CVE-2023-26051
2023-03-02 19:15:10
prion
prion
Information disclosure
2023-03-02 19:15:00
nvd
nvd
CVE-2023-26051
2023-03-02 19:15:10
cvelist
cvelist
github
github
cve
cve
CVE-2023-26051
2023-03-02 19:15:10