Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/saleor@3.9.0
Type pypi
Namespace
Name saleor
Version 3.9.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 3.9.27
Latest_non_vulnerable_version 3.19.15
Affected_by_vulnerabilities
0
url VCID-4zmr-5jbx-z3ha
vulnerability_id VCID-4zmr-5jbx-z3ha
summary
Saleor Unauthenticated Information Disclosure Vulnerability via Python Exceptions
Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned by the API as error messages. Some messages might contain sensitive information like infrastructure details in unauthenticated requests. This issue has been patched in versions 3.1.48, 3.7.59, 3.8.0, 3.9.27, 3.10.14 and 3.11.12.
references
0
reference_url https://github.com/saleor/saleor/releases/tag/3.10.14
reference_id
reference_type
scores
url https://github.com/saleor/saleor/releases/tag/3.10.14
1
reference_url https://github.com/saleor/saleor/releases/tag/3.11.12
reference_id
reference_type
scores
url https://github.com/saleor/saleor/releases/tag/3.11.12
2
reference_url https://github.com/saleor/saleor/releases/tag/3.1.48
reference_id
reference_type
scores
url https://github.com/saleor/saleor/releases/tag/3.1.48
3
reference_url https://github.com/saleor/saleor/releases/tag/3.7.59
reference_id
reference_type
scores
url https://github.com/saleor/saleor/releases/tag/3.7.59
4
reference_url https://github.com/saleor/saleor/releases/tag/3.8.30
reference_id
reference_type
scores
url https://github.com/saleor/saleor/releases/tag/3.8.30
5
reference_url https://github.com/saleor/saleor/releases/tag/3.9.27
reference_id
reference_type
scores
url https://github.com/saleor/saleor/releases/tag/3.9.27
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-26052
reference_id CVE-2023-26052
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-26052
7
reference_url https://github.com/advisories/GHSA-3hvj-3cg9-v242
reference_id GHSA-3hvj-3cg9-v242
reference_type
scores
url https://github.com/advisories/GHSA-3hvj-3cg9-v242
8
reference_url https://github.com/saleor/saleor/security/advisories/GHSA-3hvj-3cg9-v242
reference_id GHSA-3hvj-3cg9-v242
reference_type
scores
url https://github.com/saleor/saleor/security/advisories/GHSA-3hvj-3cg9-v242
fixed_packages
0
url pkg:pypi/saleor@3.9.27
purl pkg:pypi/saleor@3.9.27
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/saleor@3.9.27
1
url pkg:pypi/saleor@3.10.14
purl pkg:pypi/saleor@3.10.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/saleor@3.10.14
2
url pkg:pypi/saleor@3.11.12
purl pkg:pypi/saleor@3.11.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/saleor@3.11.12
aliases CVE-2023-26052, GHSA-3hvj-3cg9-v242
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4zmr-5jbx-z3ha
1
url VCID-sxq3-egvv-1kdc
vulnerability_id VCID-sxq3-egvv-1kdc
summary
Saleor has Staff-Authenticated Error Message Information Disclosure Vulnerability via Python Exceptions
Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned by the API as error messages. Some messages might contain sensitive information like user email addresses in staff-authenticated requests.
references
0
reference_url https://github.com/saleor/saleor/commit/31bce881ccccf0d79a9b14ecb6ca3138d1edeec1
reference_id
reference_type
scores
url https://github.com/saleor/saleor/commit/31bce881ccccf0d79a9b14ecb6ca3138d1edeec1
1
reference_url https://github.com/saleor/saleor/releases/tag/3.10.14
reference_id
reference_type
scores
url https://github.com/saleor/saleor/releases/tag/3.10.14
2
reference_url https://github.com/saleor/saleor/releases/tag/3.11.12
reference_id
reference_type
scores
url https://github.com/saleor/saleor/releases/tag/3.11.12
3
reference_url https://github.com/saleor/saleor/releases/tag/3.1.48
reference_id
reference_type
scores
url https://github.com/saleor/saleor/releases/tag/3.1.48
4
reference_url https://github.com/saleor/saleor/releases/tag/3.7.59
reference_id
reference_type
scores
url https://github.com/saleor/saleor/releases/tag/3.7.59
5
reference_url https://github.com/saleor/saleor/releases/tag/3.8.30
reference_id
reference_type
scores
url https://github.com/saleor/saleor/releases/tag/3.8.30
6
reference_url https://github.com/saleor/saleor/releases/tag/3.9.27
reference_id
reference_type
scores
url https://github.com/saleor/saleor/releases/tag/3.9.27
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-26051
reference_id CVE-2023-26051
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-26051
8
reference_url https://github.com/advisories/GHSA-r8qr-wwg3-2r85
reference_id GHSA-r8qr-wwg3-2r85
reference_type
scores
url https://github.com/advisories/GHSA-r8qr-wwg3-2r85
9
reference_url https://github.com/saleor/saleor/security/advisories/GHSA-r8qr-wwg3-2r85
reference_id GHSA-r8qr-wwg3-2r85
reference_type
scores
url https://github.com/saleor/saleor/security/advisories/GHSA-r8qr-wwg3-2r85
fixed_packages
0
url pkg:pypi/saleor@3.9.27
purl pkg:pypi/saleor@3.9.27
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/saleor@3.9.27
1
url pkg:pypi/saleor@3.10.14
purl pkg:pypi/saleor@3.10.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/saleor@3.10.14
2
url pkg:pypi/saleor@3.11.12
purl pkg:pypi/saleor@3.11.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/saleor@3.11.12
aliases CVE-2023-26051, GHSA-r8qr-wwg3-2r85
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sxq3-egvv-1kdc
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/saleor@3.9.0