Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like user email address in staff-authenticated requests.
References
| Link | Resource |
|---|---|
| https://github.com/saleor/saleor/commit/31bce881ccccf0d79a9b14ecb6ca3138d1edeec1 | Patch |
| https://github.com/saleor/saleor/releases/tag/3.1.48 | Release Notes |
| https://github.com/saleor/saleor/releases/tag/3.10.14 | Release Notes |
| https://github.com/saleor/saleor/releases/tag/3.11.12 | Release Notes |
| https://github.com/saleor/saleor/releases/tag/3.7.59 | Release Notes |
| https://github.com/saleor/saleor/releases/tag/3.8.30 | Release Notes |
| https://github.com/saleor/saleor/releases/tag/3.9.27 | Release Notes |
| https://github.com/saleor/saleor/security/advisories/GHSA-r8qr-wwg3-2r85 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 04:09
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like user email address in staff-authenticated requests. |
Information
Published : 2023-03-02 19:15
Updated : 2024-02-28 19:51
NVD link : CVE-2023-26051
Mitre link : CVE-2023-26051
CVE.ORG link : CVE-2023-26051
JSON object : View
Products Affected
saleor
- saleor
CWE
CWE-209
Generation of Error Message Containing Sensitive Information