CVE-2020-11883

MEDIUM

Divante vue-storefront-api and storefront-api - Information Disclosure via Error Stack Trace

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-11883. PoCs published by 0ndras3k.

AI-analyzed exploit summary: This repository contains a scanner for CVE-2020-11883, a vulnerability in vue-storefront-api. The script sends a crafted request to check if the target is vulnerable by analyzing the response for specific error patterns.

Description

In Divante vue-storefront-api through 1.11.1 and storefront-api through 1.0-rc.1, as used in VueStorefront PWA, unexpected HTTP requests lead to an exception that discloses the error stack trace, with absolute file paths and Node.js module names.

Exploits (1)

nomisec SCANNER
by 0ndras3k · poc
https://github.com/0ndras3k/CVE-2020-11883

Classification: Scanner 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: vue-storefront-api
No auth needed
Prerequisites: Network access to the target domain
devstral-2 · analyzed Feb 16, 2026

References (2)

Core 2
Core References
Exploit, Patch, Third Party Advisory x_refsource_misc
https://github.com/DivanteLtd/vue-storefront-api/pull/431
Patch, Third Party Advisory x_refsource_misc
https://github.com/DivanteLtd/storefront-api/pull/59

Scores

CVSS v3 5.3
EPSS 0.0273
EPSS Percentile 86.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE CWE-209
Status published
Products (4)
divante/storefront-api 1.0 rc1
divante/vue-storefront-api < 1.11.1
npm/storefront-api 0 - 1.0.0-rc3
npm/vue-storefront-api 0 - 1.12.0
Published Apr 17, 2020
Tracked Since Feb 18, 2026