1. Home
  2. CVE Database
  3. CVE-2023-26052
LOW · 3.7

CVE-2023-26052

Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. S...

Vulnerability Description

Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like infrastructure details in unauthenticated requests. This issue has been patched in versions 3.1.48, 3.7.59, 3.8.0, 3.9.27, 3.10.14 and 3.11.12.

CVSS Score

3.7

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
SaleorSaleor>= 2.0.0, < 3.1.48

Related Weaknesses (CWE)

CWE-209

References

FAQ

What is CVE-2023-26052?

CVE-2023-26052 is a vulnerability with a CVSS score of 3.7 (LOW). Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. S...

How severe is CVE-2023-26052?

CVE-2023-26052 has been rated LOW with a CVSS base score of 3.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-26052?

Check the references section above for vendor advisories and patch information. Affected products include: Saleor Saleor.