3.10.14

@NyanKiyoshi NyanKiyoshi released this 02 Mar 12:06
· 271 commits to main since this release
8383538

CVE-2023-26051: Staff-Authenticated Error Message Information Disclosure Vulnerability via Python Exceptions

Severity: medium

Some internal Python exceptions are not handled properly and are therefore returned by the API as error messages. In staff-authenticated requests, some of these messages might contain sensitive information such as user email addresses.

Affected versions: Saleor ≥ 2.0.0

CVE-2023-26052: Unauthenticated Information Disclosure Vulnerability via Python Exceptions

Severity: low

Some internal Python exceptions are not handled properly and are therefore returned by the API as error messages. In unauthenticated requests, some of these messages might contain sensitive information such as infrastructure details.

Affected versions: Saleor ≥ 2.0.0
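The failure mode behind both CVE-2023-26051 and CVE-2023-26052, next to one way to contain it, as an added example (not Saleor's code and not the fix shipped in this release). `PublicAPIError`, `execute`, both formatters, the resolvers and their exception messages are hypothetical names and constructed data.

```python
import logging
import uuid

logger = logging.getLogger("api.errors")

class PublicAPIError(Exception):
    """Hypothetical base class: its message is written for API clients."""

def format_error_leaky(exc):
    # Pattern the advisories describe: raw exception text reaches the client.
    return {"message": str(exc)}

def format_error_safe(exc):
    # Only errors explicitly marked as client-facing keep their message.
    if isinstance(exc, PublicAPIError):
        return {"message": str(exc)}
    # Everything else: full detail to the server log, opaque reference to the client.
    ref = uuid.uuid4().hex
    logger.error("unhandled API exception ref=%s", ref, exc_info=exc)
    return {"message": "Internal Server Error", "extensions": {"reference": ref}}

def execute(resolver, formatter):
    # Minimal stand-in for an API layer that turns exceptions into an errors list.
    try:
        return {"data": resolver(), "errors": []}
    except Exception as exc:
        return {"data": None, "errors": [formatter(exc)]}

# Constructed resolvers; the messages imitate typical internal exception text.
def resolve_staff_lookup():
    raise LookupError("no user with email alice@example.com")

def resolve_public_query():
    raise ConnectionError("cannot reach db-1.internal.example:5432")

def resolve_validation():
    raise PublicAPIError("Quantity must be greater than zero.")

if __name__ == "__main__":
    for resolver in (resolve_staff_lookup, resolve_public_query, resolve_validation):
        for formatter in (format_error_leaky, format_error_safe):
            print(resolver.__name__, formatter.__name__, execute(resolver, formatter))
```

The reference value lets support staff correlate a client report with the server-side log entry without exposing the exception text.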


Full Changelog: 3.10.13...3.10.14