Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS0zaHZqLTNjZzktdjI0Ms4AAx6e
Saleor Unauthenticated Information Disclosure Vulnerability via Python Exceptions
Impact
Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like infrastructure details in unauthenticated requests.
Affected versions: Saleor ≥ 2.0.0
Workarounds
None
For more information
If you have any questions or comments about this advisory:
- Open a discussion at https://github.com/saleor/saleor/discussions
- Email us at [email protected]
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zaHZqLTNjZzktdjI0Ms4AAx6e
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: about 1 year ago
Updated: about 1 year ago
CVSS Score: 3.7
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-3hvj-3cg9-v242, CVE-2023-26052
References:
- https://github.com/saleor/saleor/security/advisories/GHSA-3hvj-3cg9-v242
- https://nvd.nist.gov/vuln/detail/CVE-2023-26052
- https://github.com/saleor/saleor/releases/tag/3.1.48
- https://github.com/saleor/saleor/releases/tag/3.10.14
- https://github.com/saleor/saleor/releases/tag/3.11.12
- https://github.com/saleor/saleor/releases/tag/3.7.59
- https://github.com/saleor/saleor/releases/tag/3.8.30
- https://github.com/saleor/saleor/releases/tag/3.9.27
- https://github.com/advisories/GHSA-3hvj-3cg9-v242
Blast Radius: 1.1
Affected Packages
pypi:saleor
Dependent packages: 0Dependent repositories: 2
Downloads: 20 last month
Affected Version Ranges: >= 3.7.0, < 3.7.59, >= 3.8.0, < 3.8.30, >= 3.9.0, < 3.9.27, >= 3.10.0, < 3.10.14, >= 3.11.0, < 3.11.12, >= 2.0.0, < 3.1.48
Fixed in: 3.7.59, 3.8.30, 3.9.27, 3.10.14, 3.11.12, 3.1.48
All affected versions: 2.10.1
All unaffected versions: