Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-r8qr-wwg3-2r85: Saleor has Staff-Authenticated Error Message Information Disclosure Vulnerability via Python Exceptions

Impact

Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like user email address in staff-authenticated requests.

This issue has been patched in versions 3.1.48, 3.7.59, 3.8.30, 3.9.27, 3.10.14 and 3.11.12.

Workarounds

None

For more information

If you have any questions or comments about this advisory:

  • Open a discussion at https://github.com/saleor/saleor/discussions
  • Email us at [email protected]
ghsa
Open in Source
#vulnerability#git#perl#auth

Saleor has Staff-Authenticated Error Message Information Disclosure Vulnerability via Python Exceptions

Moderate severity GitHub Reviewed Published Mar 2, 2023 in saleor/saleor • Updated Mar 3, 2023

Related news

CVE-2023-26052: Release 3.11.12 · saleor/saleor

Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like infrastructure details in unauthenticated requests. This issue has been patched in versions 3.1.48, 3.7.59, 3.8.0, 3.9.27, 3.10.14 and 3.11.12.

ghsa: Latest News

GHSA-7m27-7ghc-44w9: Next.js Allows a Denial of Service (DoS) with Server Actions
ghsa