Base Score

MEDIUM5.3

CVE-2023-26052

Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like infrastructure details in unauthenticated requests. This issue has been patched in versions 3.1.48, 3.7.59, 3.8.0, 3.9.27, 3.10.14 and 3.11.12.

VectorNETWORK

Published Bysecurity-advisories@github.com

Published DateMar 02, 2023, 19:15

Affected Versions(6)

saleor(PyPI)

Introduced2.0.0

Fixed3.1.48

LimitN/A

saleor(PyPI)

Introduced3.11.0

Fixed3.11.12

LimitN/A

saleor(PyPI)

Introduced3.10.0

Fixed3.10.14

LimitN/A

saleor(PyPI)

Introduced3.9.0

Fixed3.9.27

LimitN/A

saleor(PyPI)

Introduced3.8.0

Fixed3.8.30

LimitN/A

saleor(PyPI)

Introduced3.7.0

Fixed3.7.59

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
saleor(PyPI)	2.0.0	3.1.48	N/A
saleor(PyPI)	3.11.0	3.11.12	N/A
saleor(PyPI)	3.10.0	3.10.14	N/A
saleor(PyPI)	3.9.0	3.9.27	N/A
saleor(PyPI)	3.8.0	3.8.30	N/A
saleor(PyPI)	3.7.0	3.7.59	N/A

Weakness Type (CWE):CWE-209

CVSS Metrics

Base Score

5.3

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

LOW

Integrity (I)

NONE

Availability (A)

NONE

References

Base Score

MEDIUM5.3

Weakness Type (CWE):CWE-209

CVSS Metrics

Base Score

5.3

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

LOW

Integrity (I)

NONE

Availability (A)

NONE

CVE-2023-26052

VectorNETWORK

Published Bysecurity-advisories@github.com

Published DateMar 02, 2023, 19:15

Package (Ecosystem)

Introduced

Fixed

Limit

saleor(PyPI)

2.0.0

3.1.48

N/A

saleor(PyPI)

3.11.0

3.11.12

N/A

saleor(PyPI)

3.10.0

3.10.14

N/A

saleor(PyPI)

3.9.0

3.9.27

N/A

saleor(PyPI)

3.8.0

3.8.30

N/A

saleor(PyPI)

3.7.0

3.7.59

N/A