CVE-2023-26051

MEDIUM

Saleor 2.0.0-3.1.47 - Authenticated Sensitive Information Exposure via Error Messages

Title source: llm
STIX 2.1

Description

Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like user email address in staff-authenticated requests.

Scores

CVSS v3 6.5
EPSS 0.0082
EPSS Percentile 52.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-209
Status published
Products (2)
pypi/Saleor 2.0.0 - 3.1.48PyPI
saleor/saleor 2.0.0 - 3.1.48
Published Mar 02, 2023
Tracked Since Feb 18, 2026