Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-3hvj-3cg9-v242: Saleor Unauthenticated Information Disclosure Vulnerability via Python Exceptions

Impact

Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like infrastructure details in unauthenticated requests.

Affected versions: Saleor ≥ 2.0.0

Workarounds

None

For more information

If you have any questions or comments about this advisory:

  • Open a discussion at https://github.com/saleor/saleor/discussions
  • Email us at [email protected]
ghsa
Open in Source
#vulnerability#git#perl#auth

Saleor Unauthenticated Information Disclosure Vulnerability via Python Exceptions

Low severity GitHub Reviewed Published Mar 2, 2023 in saleor/saleor • Updated Mar 2, 2023

Related news

CVE-2023-26052: Release 3.11.12 · saleor/saleor

Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like infrastructure details in unauthenticated requests. This issue has been patched in versions 3.1.48, 3.7.59, 3.8.0, 3.9.27, 3.10.14 and 3.11.12.

ghsa: Latest News

GHSA-95m2-chm4-mq7m: PHP-Textile has persistent XSS vulnerability in image link handling
ghsa