CVE-2020-11883

MEDIUM

Divante Storefront-api < 1.11.1 - Error Information Exposure

Title source: rule

Description

In Divante vue-storefront-api through 1.11.1 and storefront-api through 1.0-rc.1, as used in VueStorefront PWA, unexpected HTTP requests lead to an exception that discloses the error stack trace, with absolute file paths and Node.js module names.

Exploits (1)

nomisec SCANNER

by 0ndras3k · poc

https://github.com/0ndras3k/CVE-2020-11883

View Code ZIP pw:eip

References (2)

[Patch, Third Party Advisory] https://github.com/DivanteLtd/storefront-api/pull/59

[Exploit, Patch, Third Party Advisory] https://github.com/DivanteLtd/vue-storefront-api/pull/431

Scores

CVSS v3 5.3

EPSS 0.0273

EPSS Percentile 86.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-209

Status published

Products (4)

divante/storefront-api 1.0 rc1

divante/vue-storefront-api < 1.11.1

npm/storefront-api 0 - 1.0.0-rc3npm

npm/vue-storefront-api 0 - 1.12.0npm

Published Apr 17, 2020

Tracked Since Feb 18, 2026