{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94443?format=json","vulnerability_id":"VCID-dyck-e8b3-cueq","summary":"Saleor is an e-commerce platform. Starting in version 3.21.0 and prior to version 3.21.16, requesting certain fields in the response of `accountRegister` may result in errors that could unintentionally reveal whether a user with the provided email already exists in Saleor. Version 3.21.16 fixes the issue. As a workaround, rate-limit the mutation to reduce the impact.","aliases":[{"alias":"CVE-2025-58442"}],"fixed_packages":[],"affected_packages":[],"references":[{"reference_url":"https://github.com/saleor/saleor/commit/09d671e91ea53a44352d5f685083dc05a2f55e95","reference_id":"09d671e91ea53a44352d5f685083dc05a2f55e95","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-10T13:50:34Z/"}],"url":"https://github.com/saleor/saleor/commit/09d671e91ea53a44352d5f685083dc05a2f55e95"},{"reference_url":"https://github.com/saleor/saleor/releases/tag/3.21.16","reference_id":"3.21.16","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-10T13:50:34Z/"}],"url":"https://github.com/saleor/saleor/releases/tag/3.21.16"},{"reference_url":"https://github.com/saleor/saleor/commit/b35783838e51cfc118e07d632f64b01bc3a2c4bb","reference_id":"b35783838e51cfc118e07d632f64b01bc3a2c4bb","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-10T13:50:34Z/"}],"url":"https://github.com/saleor/saleor/commit/b35783838e51cfc118e07d632f64b01bc3a2c4bb"},{"reference_url":"https://github.com/saleor/saleor/security/advisories/GHSA-8w67-mfm5-fwx5","reference_id":"GHSA-8w67-mfm5-fwx5","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-10T13:50:34Z/"}],"url":"https://github.com/saleor/saleor/security/advisories/GHSA-8w67-mfm5-fwx5"}],"weaknesses":[{"cwe_id":204,"name":"Observable Response Discrepancy","description":"The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere."}],"exploits":[],"severity_range_score":"5.3 - 5.3","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dyck-e8b3-cueq"}