
CVE-2023-26052: Release 3.11.12 · saleor/saleor

Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and are therefore returned by the API as error messages. Some of those messages may contain sensitive information, such as infrastructure details, even in unauthenticated requests. This issue has been patched in versions 3.1.48, 3.7.59, 3.8.0, 3.9.27, 3.10.14 and 3.11.12.


CVE-2023-26051: Staff-Authenticated Error Message Information Disclosure Vulnerability via Python Exceptions

Severity: medium

Some internal Python exceptions are not handled properly and are therefore returned by the API as error messages. Some of those messages may contain sensitive information, such as a user's email address, in staff-authenticated requests.

Affected versions: Saleor ≥ 2.0.0

CVE-2023-26052: Unauthenticated Information Disclosure Vulnerability via Python Exceptions

Severity: low

Some internal Python exceptions are not handled properly and are therefore returned by the API as error messages. Some of those messages may contain sensitive information, such as infrastructure details, in unauthenticated requests.

Affected versions: Saleor ≥ 2.0.0

Full Changelog: 3.11.11…3.11.12

Related news

GHSA-r8qr-wwg3-2r85: Saleor has Staff-Authenticated Error Message Information Disclosure Vulnerability via Python Exceptions

### Impact

Some internal Python exceptions are not handled properly and are therefore returned by the API as error messages. Some of those messages may contain sensitive information, such as a user's email address, in staff-authenticated requests. This issue has been patched in versions 3.1.48, 3.7.59, 3.8.30, 3.9.27, 3.10.14 and 3.11.12.

### Workarounds

None.

### For more information

If you have any questions or comments about this advisory:

* Open a discussion at https://github.com/saleor/saleor/discussions
* Email us at [[email protected]](mailto:[email protected])

GHSA-3hvj-3cg9-v242: Saleor Unauthenticated Information Disclosure Vulnerability via Python Exceptions

### Impact

Some internal Python exceptions are not handled properly and are therefore returned by the API as error messages. Some of those messages may contain sensitive information, such as infrastructure details, in unauthenticated requests.

Affected versions: Saleor ≥ 2.0.0

### Workarounds

None.

### For more information

If you have any questions or comments about this advisory:

* Open a discussion at https://github.com/saleor/saleor/discussions
* Email us at [[email protected]](mailto:[email protected])
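As an added illustration of the bug class both advisories describe (constructed example, not Saleor's code): a stand-in resolver whose unhandled exception is echoed verbatim by a leaky execution wrapper, beside a wrapper that echoes only allow-listed error types and masks everything else behind a server-side correlation id, plus a heuristic a reviewer can run over API error messages or logs to spot internal detail. The resolver, the host name and the error text are all constructed.

```python
import logging
import re
import uuid

log = logging.getLogger("api.errors")
log.addHandler(logging.NullHandler())  # keep the example quiet when run stand-alone

# Only these exception types may have their message echoed to the caller.
EXPOSED_ERRORS = (ValueError, PermissionError)


def lookup_order(order_id):
    """Constructed resolver standing in for any API field resolver."""
    if order_id == "bad-id":
        raise ValueError("Invalid order id")  # a client-facing validation error
    # Constructed infrastructure failure; its text carries internal detail.
    raise ConnectionError("could not connect to db-primary.internal:5432 as saleor")


def execute_leaky(resolver, *args):
    """Vulnerable pattern: str() of any exception becomes the API error message."""
    try:
        return {"data": resolver(*args), "errors": []}
    except Exception as exc:
        return {"data": None, "errors": [{"message": str(exc)}]}


def execute_masked(resolver, *args):
    """Hardened pattern: allow-listed errors pass through; everything else is
    logged server-side under a correlation id and replaced by a generic message."""
    try:
        return {"data": resolver(*args), "errors": []}
    except EXPOSED_ERRORS as exc:
        return {"data": None, "errors": [{"message": str(exc)}]}
    except Exception:
        ref = uuid.uuid4().hex[:12]
        log.exception("unhandled resolver error ref=%s", ref)
        return {"data": None, "errors": [{"message": "Internal server error", "ref": ref}]}


# Review heuristic: internal host names, ports, filesystem paths, tracebacks
# and e-mail addresses have no business in a client-facing error message.
INTERNAL_DETAIL = re.compile(
    r"\.internal\b|:\d{2,5}\b|/(?:usr|app|home|var)/|Traceback|[\w.+-]+@[\w-]+\.\w+"
)


def leaks_internal_detail(message):
    return bool(INTERNAL_DETAIL.search(message))
```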
