{"id":"CVE-2023-26052","summary":"Saleor is vulnerable to unauthenticated information disclosure via Python exceptions","details":"Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and are therefore returned by the API as error messages. Some of these messages might contain sensitive information, such as infrastructure details, in responses to unauthenticated requests. This issue has been patched in versions 3.1.48, 3.7.59, 3.8.0, 3.9.27, 3.10.14 and 3.11.12. Note that for the 3.8 line, the affected ranges and release reference in this record give 3.8.30 as the fixed version and list 3.8.0 as affected.","aliases":["GHSA-3hvj-3cg9-v242"],"modified":"2026-04-10T04:56:12.019936Z","published":"2023-03-02T18:54:33.030Z","database_specific":{"cwe_ids":["CWE-209"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/26xxx/CVE-2023-26052.json","cna_assigner":"GitHub_M"},"references":[{"type":"WEB","url":"https://github.com/saleor/saleor/releases/tag/3.1.48"},{"type":"WEB","url":"https://github.com/saleor/saleor/releases/tag/3.10.14"},{"type":"WEB","url":"https://github.com/saleor/saleor/releases/tag/3.11.12"},{"type":"WEB","url":"https://github.com/saleor/saleor/releases/tag/3.7.59"},{"type":"WEB","url":"https://github.com/saleor/saleor/releases/tag/3.8.30"},{"type":"WEB","url":"https://github.com/saleor/saleor/releases/tag/3.9.27"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/26xxx/CVE-2023-26052.json"},{"type":"ADVISORY","url":"https://github.com/saleor/saleor/security/advisories/GHSA-3hvj-3cg9-v242"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26052"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/saleor/saleor","events":[{"introduced":"6c0861e12fcf01a00b6290391d1907b60c4d7b18"},{"fixed":"5420950af64fc87271707d83e84d03e7fe05d01f"}],"database_specific":{"versions":[{"introduced":"2.0.0"},{"fixed":"3.1.48"}]}},{"type":"GIT","repo":"https://github.com/saleor/saleor","events":[{"introduced":"7a0e3851927c6fed03cff68e8e032843e0959754"},{"fixed":
"42ccc445ded6c669d624e38e81039bbc82bae791"}],"database_specific":{"versions":[{"introduced":"3.11.0"},{"fixed":"3.11.12"}]}},{"type":"GIT","repo":"https://github.com/saleor/saleor","events":[{"introduced":"792acfb0fb764a8074f4e7e3e2c28a32d43f81f9"},{"fixed":"8383538065de23818c177d037a49f0f773a6e9f1"}],"database_specific":{"versions":[{"introduced":"3.10.0"},{"fixed":"3.10.14"}]}},{"type":"GIT","repo":"https://github.com/saleor/saleor","events":[{"introduced":"14fab7d68a25f52281b12dee7154c38682292339"},{"fixed":"16e23faaa16243e324bc8b9e8c6b3f4ef321689d"}],"database_specific":{"versions":[{"introduced":"3.9.0"},{"fixed":"3.9.27"}]}},{"type":"GIT","repo":"https://github.com/saleor/saleor","events":[{"introduced":"f5b8251d0c9fc2e56b877c2c32eba297af98fb1a"},{"fixed":"605e352a93124bb04ace379e2f19d3a672421e9c"}],"database_specific":{"versions":[{"introduced":"3.8.0"},{"fixed":"3.8.30"}]}},{"type":"GIT","repo":"https://github.com/saleor/saleor","events":[{"introduced":"ca8abbb23654317acad9bccd1def0c713f4548f1"},{"fixed":"091b89d296543c5b26b2dfdde358946eeff1a49b"}],"database_specific":{"versions":[{"introduced":"3.7.0"},{"fixed":"3.7.59"}]}}],"versions":["3.10.0","3.10.1","3.10.10","3.10.11","3.10.12","3.10.13","3.10.2","3.10.3","3.10.4","3.10.5","3.10.6","3.10.7","3.10.8","3.10.9","3.11.0","3.11.1","3.11.10","3.11.11","3.11.2","3.11.3","3.11.4","3.11.5","3.11.6","3.11.7","3.11.8","3.11.9","3.7.0","3.7.1","3.7.10","3.7.11","3.7.12","3.7.13","3.7.14","3.7.15","3.7.16","3.7.17","3.7.18","3.7.19","3.7.2","3.7.20","3.7.21","3.7.22","3.7.23","3.7.24","3.7.25","3.7.26","3.7.27","3.7.28","3.7.29","3.7.3","3.7.30","3.7.31","3.7.32","3.7.33","3.7.34","3.7.35","3.7.36","3.7.37","3.7.38","3.7.39","3.7.4","3.7.40","3.7.41","3.7.42","3.7.43","3.7.44","3.7.45","3.7.46","3.7.47","3.7.48","3.7.49","3.7.5","3.7.50","3.7.51","3.7.52","3.7.53","3.7.54","3.7.55","3.7.56","3.7.57","3.7.58","3.7.6","3.7.7","3.7.8","3.7.9","3.8.0","3.8.1","3.8.10","3.8.11","3.8.12","3.8.13","3.8.14","3.8.15","3.8.
16","3.8.17","3.8.18","3.8.19","3.8.2","3.8.20","3.8.21","3.8.22","3.8.23","3.8.24","3.8.25","3.8.26","3.8.27","3.8.28","3.8.29","3.8.3","3.8.4","3.8.5","3.8.6","3.8.7","3.8.8","3.8.9","3.9.0","3.9.1","3.9.11","3.9.12","3.9.13","3.9.14","3.9.15","3.9.16","3.9.17","3.9.18","3.9.19","3.9.2","3.9.20","3.9.21","3.9.22","3.9.23","3.9.24","3.9.25","3.9.26","3.9.3","3.9.4","3.9.5","3.9.6","3.9.7","3.9.8","3.9.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-26052.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}