Saleor has Staff-Authenticated Error Message Information Disclosure Vulnerability via Python Exceptions
Discription
### Impact
Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like user email address in staff-authenticated requests.
This issue has been patched in versions 3.1.48, 3.7.59, 3.8.30, 3.9.27, 3.10.14 and 3.11.12.
### Workarounds
None
### For more information
If you have any questions or comments about this advisory:
* Open a discussion at https://github.com/saleor/saleor/discussions
* Email us at [[email protected]](mailto:[email protected])Read More
References
Back to Main