CVE-2023-26051

MEDIUM

Saleor - Info Disclosure

Title source: llm
STIX 2.1

Description

Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like user email address in staff-authenticated requests.

References (8)

Core 8

Scores

CVSS v3 6.5
EPSS 0.0027
EPSS Percentile 50.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-209
Status published
Products (2)
pypi/Saleor 2.0.0 - 3.1.48PyPI
saleor/saleor 2.0.0 - 3.1.48
Published Mar 02, 2023
Tracked Since Feb 18, 2026