Site icon API Security Blog

Saleor has Staff-Authenticated Error Message Information Disclosure Vulnerability via Python Exceptions

### Impact
Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like user email address in staff-authenticated requests.

This issue has been patched in versions 3.1.48, 3.7.59, 3.8.30, 3.9.27, 3.10.14 and 3.11.12.

### Workarounds
None

### For more information
If you have any questions or comments about this advisory:
* Open a discussion at https://github.com/saleor/saleor/discussions
* Email us at [hello@saleor.io](mailto:hello@saleor.io)Read More

Exit mobile version