CVE-2023-26052
LOW3.7EPSS 0.18%Saleor Unauthenticated Information Disclosure Vulnerability via Python Exceptions
發布日:2023/3/2修改日:2023/11/8
描述
### Impact Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like infrastructure details in unauthenticated requests. Affected versions: Saleor ≥ 2.0.0 ### Workarounds None ### For more information If you have any questions or comments about this advisory: * Open a discussion at https://github.com/saleor/saleor/discussions * Email us at [[email protected]](mailto:[email protected])
受影響套件(1)
- PyPI/saleor>= 2.0.0, < 3.1.48
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | LOW3.7 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |
參考連結(9)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-26052
- PATCHhttps://github.com/saleor/saleor
- WEBhttps://github.com/saleor/saleor/releases/tag/3.10.14
- WEBhttps://github.com/saleor/saleor/releases/tag/3.11.12
- WEBhttps://github.com/saleor/saleor/releases/tag/3.1.48
- WEBhttps://github.com/saleor/saleor/releases/tag/3.7.59
- WEBhttps://github.com/saleor/saleor/releases/tag/3.8.30
- WEBhttps://github.com/saleor/saleor/releases/tag/3.9.27
- WEBhttps://github.com/saleor/saleor/security/advisories/GHSA-3hvj-3cg9-v242