CVE-2023-26052

low-risk
Published 2023-03-02

Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like infrastructure details in unauthenticated requests. This issue has been patched in versions 3.1.48, 3.7.59, 3.8.0, 3.9.27, 3.10.14 and 3.11.12.

Do I need to act?

-
0.18% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.7/10 Low
NETWORK / HIGH complexity

Affected Products (1)

Saleor

Affected Vendors

Saleor

References (14)

Release Notes https://github.com/saleor/saleor/releases/tag/3.1.48
Release Notes https://github.com/saleor/saleor/releases/tag/3.10.14
Release Notes https://github.com/saleor/saleor/releases/tag/3.11.12
Release Notes https://github.com/saleor/saleor/releases/tag/3.7.59
Release Notes https://github.com/saleor/saleor/releases/tag/3.8.30
Release Notes https://github.com/saleor/saleor/releases/tag/3.9.27
Vendor Advisory https://github.com/saleor/saleor/security/advisories/GHSA-3hvj-3cg9-v242
Release Notes https://github.com/saleor/saleor/releases/tag/3.1.48
Release Notes https://github.com/saleor/saleor/releases/tag/3.10.14
Release Notes https://github.com/saleor/saleor/releases/tag/3.11.12
Release Notes https://github.com/saleor/saleor/releases/tag/3.7.59
Release Notes https://github.com/saleor/saleor/releases/tag/3.8.30
Release Notes https://github.com/saleor/saleor/releases/tag/3.9.27
Vendor Advisory https://github.com/saleor/saleor/security/advisories/GHSA-3hvj-3cg9-v242
19
/ 100
low-risk
Severity 13/34 · Low
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal