
14 vulnerabilities by Saleor

CVE-2026-24136 (GCVE-0-2026-24136)

Vulnerability from cvelistv5 – Published: 2026-01-23 23:38 – Updated: 2026-01-26 17:10
Title
Saleor has an Insecure Direct Object Reference (IDOR) in GraphQL API
Summary
Saleor is an e-commerce platform. Versions 3.2.0 through 3.20.109, 3.21.0-a.0 through 3.21.44 and 3.22.0-a.0 through 3.22.28 have an Insecure Direct Object Reference (IDOR) vulnerability that allows unauthenticated actors to extract sensitive information in plain text. Orders created before Saleor 3.2.0 could have PII exfiltrated. The issue has been patched in Saleor versions 3.22.29, 3.21.45, and 3.20.110. As a temporary workaround until the upgrade is applied, block non-staff requests to the `order()` GraphQL query at the WAF; note that this also blocks legitimate non-staff use of that query for the duration of the workaround.
CWE
  • CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
Impacted products
Vendor Product Version
saleor saleor Affected: >= 3.22.0-a.0, < 3.22.29
Affected: >= 3.21.0-a.0, < 3.21.45
Affected: >= 3.2.0, < 3.20.110

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-24136",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-26T17:09:35.701674Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-26T17:10:16.445Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "saleor",
          "vendor": "saleor",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 3.22.0-a.0, \u003c 3.22.29"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.21.0-a.0, \u003c 3.21.45"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.2.0, \u003c 3.20.110"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Saleor is an e-commerce platform. Versions 3.2.0 through 3.20.109, 3.21.0-a.0 through 3.21.44 and 3.22.0-a.0 through 3.22.28 have a n Insecure Direct Object Reference (IDOR) vulnerability that allows unauthenticated actors to extract sensitive information in plain text. Orders created before Saleor 3.2.0 could have PIIs exfiltrated. The issue has been patched in Saleor versions: 3.22.29, 3.21.45, and 3.20.110. To workaround, temporarily block non-staff users from fetching order information (the order() GraphQL query) using a WAF."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "CWE-639: Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-23T23:38:31.414Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/saleor/saleor/security/advisories/GHSA-r6fj-f4r9-36gr",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/saleor/saleor/security/advisories/GHSA-r6fj-f4r9-36gr"
        },
        {
          "name": "https://github.com/saleor/saleor/commit/5dab1857fbb2801f74e2bfe86f307e4590d9d2fa",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/saleor/commit/5dab1857fbb2801f74e2bfe86f307e4590d9d2fa"
        },
        {
          "name": "https://github.com/saleor/saleor/commit/718ce1b4fc3aef68eeac1aea0cf1d70a614ba6af",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/saleor/commit/718ce1b4fc3aef68eeac1aea0cf1d70a614ba6af"
        },
        {
          "name": "https://github.com/saleor/saleor/commit/9bcd4f9000b189297eeb3ac88cc28c6c30229153",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/saleor/commit/9bcd4f9000b189297eeb3ac88cc28c6c30229153"
        },
        {
          "name": "https://github.com/saleor/saleor/commit/aeaced8acb5e01055eddec584263f77e517d5944",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/saleor/commit/aeaced8acb5e01055eddec584263f77e517d5944"
        }
      ],
      "source": {
        "advisory": "GHSA-r6fj-f4r9-36gr",
        "discovery": "UNKNOWN"
      },
      "title": "Saleor has an Insecure Direct Object Reference (IDOR) in GraphQL API"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-24136",
    "datePublished": "2026-01-23T23:38:31.414Z",
    "dateReserved": "2026-01-21T18:38:22.474Z",
    "dateUpdated": "2026-01-26T17:10:16.445Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-23499 (GCVE-0-2026-23499)

Vulnerability from cvelistv5 – Published: 2026-01-21 21:36 – Updated: 2026-01-22 16:50
Title
Saleor vulnerable to stored XSS via Unrestricted File Upload
Summary
Saleor is an e-commerce platform. Starting in version 3.0.0 and prior to versions 3.20.108, 3.21.43, and 3.22.27, Saleor allowed authenticated staff users or Apps to upload arbitrary files, including malicious HTML and SVG files containing JavaScript. Depending on the deployment strategy, these files may be served from the same domain as the dashboard without any restrictions, leading to the execution of malicious scripts in the context of the user's browser. Malicious staff members could craft script injections to target other staff members, possibly stealing their access and/or refresh tokens. Deployments are vulnerable if they host the media files on the same domain as the dashboard (e.g., dashboard at `example.com/dashboard/` and media under `example.com/media/`) and do not return a `Content-Disposition: attachment` header for the media files. They are not impacted if media files are hosted on a different domain, e.g., `media.example.com`. Saleor Cloud users are not impacted. This issue has been patched in versions 3.22.27, 3.21.43, and 3.20.108. Workarounds for those unable to upgrade: configure the servers hosting the media files (e.g., CDN or reverse proxy) to return the `Content-Disposition: attachment` header, which instructs browsers to download the file instead of rendering it; prevent those servers from serving HTML and SVG files; and set a `Content-Security-Policy` for media files, such as `Content-Security-Policy: default-src 'none'; base-uri 'none'; frame-ancestors 'none'; form-action 'none';`.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
Impacted products
Vendor Product Version
saleor saleor Affected: >= 3.2.0, < 3.22.27
Affected: >= 3.1.0, < 3.21.43
Affected: >= 3.0.0, < 3.20.108

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-23499",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-22T15:09:33.487872Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-22T16:50:13.686Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "saleor",
          "vendor": "saleor",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 3.2.0, \u003c 3.22.27"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.1.0, \u003c 3.21.43"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.0.0, \u003c 3.20.108"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Saleor is an e-commerce platform. Starting in version 3.0.0 and prior to versions 3.20.108, 3.21.43, and 3.22.27, Saleor allowed authenticated staff users or Apps to upload arbitrary files, including malicious HTML and SVG files containing Javascript. Depending on the deployment strategy, these files may be served from the same domain as the dashboard without any restrictions leading to the execution of malicious scripts in the context of the user\u0027s browser. Malicious staff members could craft script injections to target other staff members, possibly stealing their access and/or refresh tokens. Users are vulnerable if they host the media files inside the same domain as the dashboard, e.g., dashboard is at `example.com/dashboard/` and media are under `example.com/media/`. They are not impact if media files are hosted in a different domain, e.g., `media.example.com`. Users are impacted if they do not return a `Content-Disposition: attachment` header for the media files. Saleor Cloud users are not impacted. This issue has been patched in versions: 3.22.27, 3.21.43, and 3.20.108. Some workarounds are available for those unable to upgrade. Configure the servers hosting the media files (e.g., CDN or reverse proxy) to return the Content-Disposition: attachment header. This instructs browsers to download the file instead of rendering them in the browser. Prevent the servers from returning HTML and SVG files. Set-up a `Content-Security-Policy` for media files, such as `Content-Security-Policy: default-src \u0027none\u0027; base-uri \u0027none\u0027; frame-ancestors \u0027none\u0027; form-action \u0027none\u0027;`."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-434",
              "description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-21T21:36:19.702Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/saleor/saleor/security/advisories/GHSA-666h-2p49-pg95",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/saleor/saleor/security/advisories/GHSA-666h-2p49-pg95"
        },
        {
          "name": "https://github.com/saleor/saleor/commit/77f7927a0db9a216440df92c51012136f13e1d99",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/saleor/commit/77f7927a0db9a216440df92c51012136f13e1d99"
        },
        {
          "name": "https://github.com/saleor/saleor/commit/7d33efc7a06252320cd51cbb20c2e308aed2fd10",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/saleor/commit/7d33efc7a06252320cd51cbb20c2e308aed2fd10"
        },
        {
          "name": "https://github.com/saleor/saleor/commit/9110eba68c3f73afa1f72b45bd9b1394c752d335",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/saleor/commit/9110eba68c3f73afa1f72b45bd9b1394c752d335"
        },
        {
          "name": "https://github.com/saleor/saleor/commit/ac6936a336289c77398ef600cad3498ad4ba261c",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/saleor/commit/ac6936a336289c77398ef600cad3498ad4ba261c"
        },
        {
          "name": "https://github.com/saleor/saleor/commit/b3cb27b3fe96dae3c879063e56d32a9398eabd24",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/saleor/commit/b3cb27b3fe96dae3c879063e56d32a9398eabd24"
        },
        {
          "name": "https://docs.saleor.io/security/#restricted-file-uploads",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://docs.saleor.io/security/#restricted-file-uploads"
        }
      ],
      "source": {
        "advisory": "GHSA-666h-2p49-pg95",
        "discovery": "UNKNOWN"
      },
      "title": "Saleor vulnerable to stored XSS via Unrestricted File Upload"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-23499",
    "datePublished": "2026-01-21T21:36:19.702Z",
    "dateReserved": "2026-01-13T15:47:41.629Z",
    "dateUpdated": "2026-01-22T16:50:13.686Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22849 (GCVE-0-2026-22849)

Vulnerability from cvelistv5 – Published: 2026-01-21 21:31 – Updated: 2026-01-22 16:50
Title
Saleor lacks proper HTML sanitization in rich text fields
Summary
Saleor is an e-commerce platform. Starting in version 3.0.0 and prior to versions 3.20.108, 3.21.43, and 3.22.27, Saleor allowed users to modify rich text fields with HTML without running any backend HTML cleaner, thus allowing malicious actors to perform stored XSS attacks on dashboards and storefronts. Malicious staff members could craft script injections to target other staff members, possibly stealing their access and/or refresh tokens. This issue has been patched in versions 3.22.27, 3.21.43, and 3.20.108. If upgrading straight away is not possible, a possible workaround is to sanitize the rich text on the client side before rendering it; because the stored content itself remains unsanitized, this must be applied in every consumer that renders those fields (dashboard and storefronts).
CWE
  • CWE-83 - Improper Neutralization of Script in Attributes in a Web Page
Assigner
Impacted products
Vendor Product Version
saleor saleor Affected: >= 3.2.0, < 3.22.27
Affected: >= 3.1.0, < 3.21.43
Affected: >= 3.0.0, < 3.20.108

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22849",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-22T15:09:35.969984Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-22T16:50:18.828Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "saleor",
          "vendor": "saleor",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 3.2.0, \u003c 3.22.27"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.1.0, \u003c 3.21.43"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.0.0, \u003c 3.20.108"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Saleor is an e-commerce platform. Starting in version 3.0.0 and prior to versions 3.20.108, 3.21.43, and 3.22.27, Saleor was allowing users to modify rich text fields with HTML without running any backend HTML cleaners thus allowing malicious actors to perform stored XSS attacks on dashboards and storefronts. Malicious staff members could craft script injections to target other staff members, possibly stealing their access and/or refresh tokens. This issue has been patched in versions 3.22.27, 3.21.43, and 3.20.108. In case of inability to upgrade straight away, a possible workaround is to use client-side cleaner."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "privilegesRequired": "HIGH",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-83",
              "description": "CWE-83: Improper Neutralization of Script in Attributes in a Web Page",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-21T21:31:14.664Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/saleor/saleor/security/advisories/GHSA-8jcj-r5g2-qrpv",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/saleor/saleor/security/advisories/GHSA-8jcj-r5g2-qrpv"
        },
        {
          "name": "https://github.com/saleor/saleor/commit/1085c7813224a0a65f1dac7275cbc3244e23c386",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/saleor/commit/1085c7813224a0a65f1dac7275cbc3244e23c386"
        },
        {
          "name": "https://github.com/saleor/saleor/commit/676d95dbc7d811610e68f2ea8f9b6652cbd58e9b",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/saleor/commit/676d95dbc7d811610e68f2ea8f9b6652cbd58e9b"
        },
        {
          "name": "https://github.com/saleor/saleor/commit/9110eba68c3f73afa1f72b45bd9b1394c752d335",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/saleor/commit/9110eba68c3f73afa1f72b45bd9b1394c752d335"
        },
        {
          "name": "https://github.com/saleor/saleor/commit/b67a0b9d9f243e5d6c2f9c7643d42a54c24c90ee",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/saleor/commit/b67a0b9d9f243e5d6c2f9c7643d42a54c24c90ee"
        },
        {
          "name": "https://github.com/saleor/saleor/commit/bb5f883aeb0f085899a9d4f35d429cf7eb07a11d",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/saleor/commit/bb5f883aeb0f085899a9d4f35d429cf7eb07a11d"
        },
        {
          "name": "https://docs.saleor.io/security/#editorjs--html-cleaning",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://docs.saleor.io/security/#editorjs--html-cleaning"
        }
      ],
      "source": {
        "advisory": "GHSA-8jcj-r5g2-qrpv",
        "discovery": "UNKNOWN"
      },
      "title": "Saleor lacks proper HTML sanitization in rich text fields"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-22849",
    "datePublished": "2026-01-21T21:31:14.664Z",
    "dateReserved": "2026-01-12T16:20:16.745Z",
    "dateUpdated": "2026-01-22T16:50:18.828Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-58442 (GCVE-0-2025-58442)

Vulnerability from cvelistv5 – Published: 2025-09-09 19:46 – Updated: 2025-09-10 13:50
Title
Saleor has user enumeration vulnerability due to different error messages
Summary
Saleor is an e-commerce platform. Starting in version 3.21.0 and prior to version 3.21.16, requesting certain fields in the response of the `accountRegister` mutation may result in errors that unintentionally reveal whether a user with the provided email already exists in Saleor. Version 3.21.16 fixes the issue. As a workaround, rate-limit the mutation to reduce the impact; this slows bulk enumeration but does not remove the response discrepancy itself.
CWE
  • CWE-204 - Observable Response Discrepancy
Assigner
Impacted products
Vendor Product Version
saleor saleor Affected: >= 3.21.0, < 3.21.16

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-58442",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-10T13:50:34.635633Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-10T13:50:40.777Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "saleor",
          "vendor": "saleor",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 3.21.0, \u003c 3.21.16"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Saleor is an e-commerce platform. Starting in version 3.21.0 and prior to version 3.21.16, requesting certain fields in the response of `accountRegister` may result in errors that could unintentionally reveal whether a user with the provided email already exists in Saleor. Version 3.21.16 fixes the issue. As a workaround, rate-limit the mutation to reduce the impact."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-204",
              "description": "CWE-204: Observable Response Discrepancy",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-09T19:46:45.798Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/saleor/saleor/security/advisories/GHSA-8w67-mfm5-fwx5",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/saleor/saleor/security/advisories/GHSA-8w67-mfm5-fwx5"
        },
        {
          "name": "https://github.com/saleor/saleor/commit/09d671e91ea53a44352d5f685083dc05a2f55e95",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/saleor/commit/09d671e91ea53a44352d5f685083dc05a2f55e95"
        },
        {
          "name": "https://github.com/saleor/saleor/commit/b35783838e51cfc118e07d632f64b01bc3a2c4bb",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/saleor/commit/b35783838e51cfc118e07d632f64b01bc3a2c4bb"
        },
        {
          "name": "https://github.com/saleor/saleor/releases/tag/3.21.16",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/saleor/releases/tag/3.21.16"
        }
      ],
      "source": {
        "advisory": "GHSA-8w67-mfm5-fwx5",
        "discovery": "UNKNOWN"
      },
      "title": "Saleor has user enumeration vulnerability due to different error messages"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-58442",
    "datePublished": "2025-09-09T19:46:45.798Z",
    "dateReserved": "2025-09-01T20:03:06.532Z",
    "dateUpdated": "2025-09-10T13:50:40.777Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-31205 (GCVE-0-2024-31205)

Vulnerability from cvelistv5 – Published: 2024-04-08 14:26 – Updated: 2024-08-02 01:46
Title
Saleor CSRF bypass in refreshToken mutation
Summary
Saleor is an e-commerce platform. Starting in version 3.10.0 and prior to versions 3.14.64, 3.15.39, 3.16.39, 3.17.35, 3.18.31, and 3.19.19, an attacker may bypass cross-site request forgery (CSRF) validation when calling the refresh token mutation with an empty string. When a user provides an empty string in the `refreshToken` mutation while a token persists in the `JWT_REFRESH_TOKEN_COOKIE_NAME` cookie, the application omits validation against the CSRF token and returns a valid access token. Versions 3.14.64, 3.15.39, 3.16.39, 3.17.35, 3.18.31, and 3.19.19 contain a patch for the issue. As a workaround, one may replace `saleor.graphql.account.mutations.authentication.refresh_token.py.get_refresh_token`. This fixes the issue, but be aware that it returns `JWT_MISSING_TOKEN` instead of `JWT_INVALID_TOKEN` for the empty-string case.
CWE
  • CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
Impacted products
Vendor Product Version
saleor saleor Affected: >= 3.10.0, < 3.14.64
Affected: >= 3.15.0, < 3.15.39
Affected: >= 3.16.0, < 3.16.39
Affected: >= 3.17.0, < 3.17.35
Affected: >= 3.18.0, < 3.18.31
Affected: >= 3.19.0, < 3.19.19

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-31205",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-09T15:46:25.741486Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:37:18.826Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:46:04.600Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/saleor/saleor/security/advisories/GHSA-ff69-fwjf-3c9w",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/saleor/saleor/security/advisories/GHSA-ff69-fwjf-3c9w"
          },
          {
            "name": "https://github.com/saleor/saleor/commit/36699c6f5c99590d24f46e3d5c5b1a3c2fd072e7",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/saleor/saleor/commit/36699c6f5c99590d24f46e3d5c5b1a3c2fd072e7"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "saleor",
          "vendor": "saleor",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 3.10.0, \u003c 3.14.64"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.15.0, \u003c 3.15.39"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.16.0, \u003c 3.16.39"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.17.0, \u003c 3.17.35"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.18.0, \u003c 3.18.31"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.19.0, \u003c 3.19.19"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Saleor is an e-commerce platform. Starting in version 3.10.0 and prior to versions 3.14.64, 3.15.39, 3.16.39, 3.17.35, 3.18.31, and 3.19.19, an attacker may bypass cross-site request forgery (CSRF) validation when calling the refresh token mutation with an empty string. When a user provides an empty string in the `refreshToken` mutation while the token persists in the `JWT_REFRESH_TOKEN_COOKIE_NAME` cookie, the application omits validation against the CSRF token and returns a valid access token. Versions 3.14.64, 3.15.39, 3.16.39, 3.17.35, 3.18.31, and 3.19.19 contain a patch for the issue. As a workaround, one may replace `saleor.graphql.account.mutations.authentication.refresh_token.py.get_refresh_token`. This will fix the issue, but be aware that it returns `JWT_MISSING_TOKEN` instead of `JWT_INVALID_TOKEN`.\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "CWE-352: Cross-Site Request Forgery (CSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-08T14:26:30.971Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/saleor/saleor/security/advisories/GHSA-ff69-fwjf-3c9w",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/saleor/saleor/security/advisories/GHSA-ff69-fwjf-3c9w"
        },
        {
          "name": "https://github.com/saleor/saleor/commit/36699c6f5c99590d24f46e3d5c5b1a3c2fd072e7",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/saleor/commit/36699c6f5c99590d24f46e3d5c5b1a3c2fd072e7"
        }
      ],
      "source": {
        "advisory": "GHSA-ff69-fwjf-3c9w",
        "discovery": "UNKNOWN"
      },
      "title": "Saleor CSRF bypass in refreshToken mutation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-31205",
    "datePublished": "2024-04-08T14:26:30.971Z",
    "dateReserved": "2024-03-29T14:16:31.899Z",
    "dateUpdated": "2024-08-02T01:46:04.600Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-29888 (GCVE-0-2024-29888)

Vulnerability from cvelistv5 – Published: 2024-03-27 18:53 – Updated: 2024-08-02 01:17
Title
Saleor vulnerable to customers' addresses leak when using Warehouse as a `Pickup: Local stock only` delivery method
Summary
Saleor is an e-commerce platform that serves high-volume companies. When using `Pickup: Local stock only` click-and-collect as a delivery method, under specific conditions a customer could overwrite the warehouse address with their own, which exposes the customer's address as the click-and-collect address. This issue has been patched in versions: `3.14.61`, `3.15.37`, `3.16.34`, `3.17.32`, `3.18.28`, `3.19.15`.
CWE
  • CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor
Assigner
Impacted products
Vendor Product Version
saleor saleor Affected: >= 3.14.56, < 3.14.61
Affected: >= 3.15.31, < 3.15.37
Affected: >= 3.16.27, < 3.16.34
Affected: >= 3.17.25, < 3.17.32
Affected: >= 3.18.19, < 3.18.28
Affected: >= 3.19.5, < 3.19.15

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-29888",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-27T19:54:53.329148Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:21:18.651Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:17:58.440Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/saleor/saleor/security/advisories/GHSA-mrj3-f2h4-7w45",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/saleor/saleor/security/advisories/GHSA-mrj3-f2h4-7w45"
          },
          {
            "name": "https://github.com/saleor/saleor/pull/15694",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/saleor/saleor/pull/15694"
          },
          {
            "name": "https://github.com/saleor/saleor/pull/15697",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/saleor/saleor/pull/15697"
          },
          {
            "name": "https://github.com/saleor/saleor/commit/22a1aa3ef0bc54156405f69146788016a7f3f761",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/saleor/saleor/commit/22a1aa3ef0bc54156405f69146788016a7f3f761"
          },
          {
            "name": "https://github.com/saleor/saleor/commit/39abb0f4e4fe6503f81bfbb871227e4f70bcdd5c",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/saleor/saleor/commit/39abb0f4e4fe6503f81bfbb871227e4f70bcdd5c"
          },
          {
            "name": "https://github.com/saleor/saleor/commit/47cedfd7d6524d79bdb04708edcdbb235874de6b",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/saleor/saleor/commit/47cedfd7d6524d79bdb04708edcdbb235874de6b"
          },
          {
            "name": "https://github.com/saleor/saleor/commit/997f7ea4f576543ec88679a86bfe1b14f7f2ff26",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/saleor/saleor/commit/997f7ea4f576543ec88679a86bfe1b14f7f2ff26"
          },
          {
            "name": "https://github.com/saleor/saleor/commit/b7cecda8b603f7472790150bb4508c7b655946d4",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/saleor/saleor/commit/b7cecda8b603f7472790150bb4508c7b655946d4"
          },
          {
            "name": "https://github.com/saleor/saleor/commit/d8ba545c16ad3153febc5b5be8fd2ef75da9fc95",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/saleor/saleor/commit/d8ba545c16ad3153febc5b5be8fd2ef75da9fc95"
          },
          {
            "name": "https://github.com/saleor/saleor/commit/dccc2c842b4e2e09470929c80f07dc137e439182",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/saleor/saleor/commit/dccc2c842b4e2e09470929c80f07dc137e439182"
          },
          {
            "name": "https://github.com/saleor/saleor/commit/ef003c76a304c89ddb2dc65b7f1d5b3b2ba1c640",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/saleor/saleor/commit/ef003c76a304c89ddb2dc65b7f1d5b3b2ba1c640"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "saleor",
          "vendor": "saleor",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 3.14.56, \u003c 3.14.61"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.15.31, \u003c 3.15.37"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.16.27, \u003c 3.16.34"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.17.25, \u003c 3.17.32"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.18.19, \u003c 3.18.28"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.19.5, \u003c 3.19.15"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Saleor is an e-commerce platform that serves high-volume companies. When using `Pickup: Local stock only` click-and-collect as a delivery method, under specific conditions a customer could overwrite the warehouse address with their own, which exposes the customer's address as the click-and-collect address. This issue has been patched in versions: `3.14.61`, `3.15.37`, `3.16.34`, `3.17.32`, `3.18.28`, `3.19.15`."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-359",
              "description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-27T18:53:44.698Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/saleor/saleor/security/advisories/GHSA-mrj3-f2h4-7w45",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/saleor/saleor/security/advisories/GHSA-mrj3-f2h4-7w45"
        },
        {
          "name": "https://github.com/saleor/saleor/pull/15694",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/saleor/pull/15694"
        },
        {
          "name": "https://github.com/saleor/saleor/pull/15697",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/saleor/pull/15697"
        },
        {
          "name": "https://github.com/saleor/saleor/commit/22a1aa3ef0bc54156405f69146788016a7f3f761",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/saleor/commit/22a1aa3ef0bc54156405f69146788016a7f3f761"
        },
        {
          "name": "https://github.com/saleor/saleor/commit/39abb0f4e4fe6503f81bfbb871227e4f70bcdd5c",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/saleor/commit/39abb0f4e4fe6503f81bfbb871227e4f70bcdd5c"
        },
        {
          "name": "https://github.com/saleor/saleor/commit/47cedfd7d6524d79bdb04708edcdbb235874de6b",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/saleor/commit/47cedfd7d6524d79bdb04708edcdbb235874de6b"
        },
        {
          "name": "https://github.com/saleor/saleor/commit/997f7ea4f576543ec88679a86bfe1b14f7f2ff26",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/saleor/commit/997f7ea4f576543ec88679a86bfe1b14f7f2ff26"
        },
        {
          "name": "https://github.com/saleor/saleor/commit/b7cecda8b603f7472790150bb4508c7b655946d4",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/saleor/commit/b7cecda8b603f7472790150bb4508c7b655946d4"
        },
        {
          "name": "https://github.com/saleor/saleor/commit/d8ba545c16ad3153febc5b5be8fd2ef75da9fc95",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/saleor/commit/d8ba545c16ad3153febc5b5be8fd2ef75da9fc95"
        },
        {
          "name": "https://github.com/saleor/saleor/commit/dccc2c842b4e2e09470929c80f07dc137e439182",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/saleor/commit/dccc2c842b4e2e09470929c80f07dc137e439182"
        },
        {
          "name": "https://github.com/saleor/saleor/commit/ef003c76a304c89ddb2dc65b7f1d5b3b2ba1c640",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/saleor/commit/ef003c76a304c89ddb2dc65b7f1d5b3b2ba1c640"
        }
      ],
      "source": {
        "advisory": "GHSA-mrj3-f2h4-7w45",
        "discovery": "UNKNOWN"
      },
      "title": "Saleor vulnerable to customers' addresses leak when using Warehouse as a `Pickup: Local stock only` delivery method"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-29888",
    "datePublished": "2024-03-27T18:53:44.698Z",
    "dateReserved": "2024-03-21T15:12:08.997Z",
    "dateUpdated": "2024-08-02T01:17:58.440Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-29036 (GCVE-0-2024-29036)

Vulnerability from cvelistv5 – Published: 2024-03-20 20:39 – Updated: 2024-08-02 01:03
Title
Saleor Storefront session leak in cache
Summary
Saleor Storefront is software for building e-commerce experiences. Prior to commit 579241e75a5eb332ccf26e0bcdd54befa33f4783, when any user authenticates in the storefront, anonymous users are able to access that user's data. The session is leaked through the cache and can be accessed by anyone. Users should upgrade to a version that incorporates commit 579241e75a5eb332ccf26e0bcdd54befa33f4783 or later to receive a patch. A possible workaround is to temporarily disable authentication by changing the usage of `createSaleorAuthClient()`.
CWE
  • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
Impacted products
Vendor Product Version
saleor storefront Affected: < 579241e75a5eb332ccf26e0bcdd54befa33f4783

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-29036",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-21T15:24:01.977373Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:57:12.452Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:51.616Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/saleor/storefront/security/advisories/GHSA-52cq-c7x7-cqw4",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/saleor/storefront/security/advisories/GHSA-52cq-c7x7-cqw4"
          },
          {
            "name": "https://github.com/saleor/saleor-docs/pull/1120",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/saleor/saleor-docs/pull/1120"
          },
          {
            "name": "https://github.com/saleor/auth-sdk/commit/56db13407aa35d00b85ec2df042692edd4aea9da",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/saleor/auth-sdk/commit/56db13407aa35d00b85ec2df042692edd4aea9da"
          },
          {
            "name": "https://github.com/saleor/storefront/commit/579241e75a5eb332ccf26e0bcdd54befa33f4783",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/saleor/storefront/commit/579241e75a5eb332ccf26e0bcdd54befa33f4783"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "storefront",
          "vendor": "saleor",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 579241e75a5eb332ccf26e0bcdd54befa33f4783"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Saleor Storefront is software for building e-commerce experiences. Prior to commit 579241e75a5eb332ccf26e0bcdd54befa33f4783, when any user authenticates in the storefront, anonymous users are able to access that user's data. The session is leaked through the cache and can be accessed by anyone. Users should upgrade to a version that incorporates commit 579241e75a5eb332ccf26e0bcdd54befa33f4783 or later to receive a patch. A possible workaround is to temporarily disable authentication by changing the usage of `createSaleorAuthClient()`."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-20T20:39:01.341Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/saleor/storefront/security/advisories/GHSA-52cq-c7x7-cqw4",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/saleor/storefront/security/advisories/GHSA-52cq-c7x7-cqw4"
        },
        {
          "name": "https://github.com/saleor/saleor-docs/pull/1120",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/saleor-docs/pull/1120"
        },
        {
          "name": "https://github.com/saleor/auth-sdk/commit/56db13407aa35d00b85ec2df042692edd4aea9da",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/auth-sdk/commit/56db13407aa35d00b85ec2df042692edd4aea9da"
        },
        {
          "name": "https://github.com/saleor/storefront/commit/579241e75a5eb332ccf26e0bcdd54befa33f4783",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/storefront/commit/579241e75a5eb332ccf26e0bcdd54befa33f4783"
        }
      ],
      "source": {
        "advisory": "GHSA-52cq-c7x7-cqw4",
        "discovery": "UNKNOWN"
      },
      "title": "Saleor Storefront session leak in cache"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-29036",
    "datePublished": "2024-03-20T20:39:01.341Z",
    "dateReserved": "2024-03-14T16:59:47.613Z",
    "dateUpdated": "2024-08-02T01:03:51.616Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-3294 (GCVE-0-2023-3294)

Vulnerability from cvelistv5 – Published: 2023-06-16 00:00 – Updated: 2024-12-17 16:55
Title
Cross-site Scripting (XSS) - DOM in saleor/react-storefront
Summary
Cross-site Scripting (XSS) - DOM in GitHub repository saleor/react-storefront prior to c29aab226f07ca980cc19787dcef101e11b83ef7.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
Impacted products
Vendor Product Version
saleor saleor/react-storefront Affected: unspecified , < c29aab226f07ca980cc19787dcef101e11b83ef7 (custom)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:48:08.586Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/9d308ebb-4289-411f-ac22-990383d98932"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/saleor/react-storefront/commit/c29aab226f07ca980cc19787dcef101e11b83ef7"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3294",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-17T16:55:25.013145Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-17T16:55:41.277Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "saleor/react-storefront",
          "vendor": "saleor",
          "versions": [
            {
              "lessThan": "c29aab226f07ca980cc19787dcef101e11b83ef7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site Scripting (XSS) - DOM in GitHub repository saleor/react-storefront prior to c29aab226f07ca980cc19787dcef101e11b83ef7."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-16T00:00:00",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "url": "https://huntr.dev/bounties/9d308ebb-4289-411f-ac22-990383d98932"
        },
        {
          "url": "https://github.com/saleor/react-storefront/commit/c29aab226f07ca980cc19787dcef101e11b83ef7"
        }
      ],
      "source": {
        "advisory": "9d308ebb-4289-411f-ac22-990383d98932",
        "discovery": "EXTERNAL"
      },
      "title": "Cross-site Scripting (XSS) - DOM in saleor/react-storefront"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2023-3294",
    "datePublished": "2023-06-16T00:00:00",
    "dateReserved": "2023-06-16T00:00:00",
    "dateUpdated": "2024-12-17T16:55:41.277Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-32694 (GCVE-0-2023-32694)

Vulnerability from cvelistv5 – Published: 2023-05-25 14:29 – Updated: 2025-01-16 19:21
Title
Non-constant time HMAC comparison in Adyen plugin in Saleor
Summary
Saleor Core is a composable, headless commerce API. Saleor's `validate_hmac_signature` function is vulnerable to timing attacks. Malicious users could abuse this vulnerability on Saleor deployments having the Adyen plugin enabled in order to determine the secret key and forge fake events; this could affect database integrity, for example by marking an order as paid when it is not. This issue has been patched in versions 3.7.68, 3.8.40, 3.9.49, 3.10.36, 3.11.35, 3.12.25, and 3.13.16.
CWE
  • CWE-203 - Observable Discrepancy
  • CWE-208 - Observable Timing Discrepancy
Assigner
Impacted products
Vendor Product Version
saleor saleor Affected: >= 2.11.0, < 3.7.68
Affected: >= 3.8.0, < 3.8.40
Affected: >= 3.9.0, < 3.9.49
Affected: >= 3.10.0, < 3.10.36
Affected: >= 3.11.0, < 3.11.35
Affected: >= 3.12.0, < 3.12.25
Affected: >= 3.13.0, < 3.13.16

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:25:36.493Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/saleor/saleor/security/advisories/GHSA-3rqj-9v87-2x3f",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/saleor/saleor/security/advisories/GHSA-3rqj-9v87-2x3f"
          },
          {
            "name": "https://github.com/saleor/saleor/commit/1328274e1a3d04ab87d7daee90229ff47b3bc35e",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/saleor/saleor/commit/1328274e1a3d04ab87d7daee90229ff47b3bc35e"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-32694",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-16T19:21:44.207892Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-16T19:21:54.740Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "saleor",
          "vendor": "saleor",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 2.11.0, \u003c 3.7.68"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.8.0, \u003c 3.8.40"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.9.0, \u003c 3.9.49"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.10.0, \u003c 3.10.36"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.11.0, \u003c 3.11.35"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.12.0, \u003c 3.12.25"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.13.0, \u003c 3.13.16"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Saleor Core is a composable, headless commerce API. Saleor\u0027s `validate_hmac_signature` function is vulnerable to timing attacks. Malicious users could abuse this vulnerability on Saleor deployments having the Adyen plugin enabled in order to determine the secret key and forge fake events; this could affect database integrity, for example by marking an order as paid when it is not. This issue has been patched in versions 3.7.68, 3.8.40, 3.9.49, 3.10.36, 3.11.35, 3.12.25, and 3.13.16."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-203",
              "description": "CWE-203: Observable Discrepancy",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-208",
              "description": "CWE-208: Observable Timing Discrepancy",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-25T14:29:10.217Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/saleor/saleor/security/advisories/GHSA-3rqj-9v87-2x3f",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/saleor/saleor/security/advisories/GHSA-3rqj-9v87-2x3f"
        },
        {
          "name": "https://github.com/saleor/saleor/commit/1328274e1a3d04ab87d7daee90229ff47b3bc35e",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/saleor/commit/1328274e1a3d04ab87d7daee90229ff47b3bc35e"
        }
      ],
      "source": {
        "advisory": "GHSA-3rqj-9v87-2x3f",
        "discovery": "UNKNOWN"
      },
      "title": "Non-constant time HMAC comparison in Adyen plugin in Saleor"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-32694",
    "datePublished": "2023-05-25T14:29:10.217Z",
    "dateReserved": "2023-05-11T16:33:45.733Z",
    "dateUpdated": "2025-01-16T19:21:54.740Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-26052 (GCVE-0-2023-26052)

Vulnerability from cvelistv5 – Published: 2023-03-02 18:54 – Updated: 2025-03-05 16:10
Title
Saleor is vulnerable to unauthenticated information disclosure via Python exceptions
Summary
Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and are therefore returned by the API as error messages. Some of these messages might contain sensitive information, such as infrastructure details, in unauthenticated requests. This issue has been patched in versions 3.1.48, 3.7.59, 3.8.0, 3.9.27, 3.10.14 and 3.11.12.
CWE
  • CWE-209 - Generation of Error Message Containing Sensitive Information
Assigner
Impacted products
Vendor Product Version
saleor saleor Affected: >= 2.0.0, < 3.1.48
Affected: >= 3.11.0, < 3.11.12
Affected: >= 3.10.0, < 3.10.14
Affected: >= 3.9.0, < 3.9.27
Affected: >= 3.8.0, < 3.8.30
Affected: >= 3.7.0, < 3.7.59

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:39:06.560Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/saleor/saleor/security/advisories/GHSA-3hvj-3cg9-v242",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/saleor/saleor/security/advisories/GHSA-3hvj-3cg9-v242"
          },
          {
            "name": "https://github.com/saleor/saleor/releases/tag/3.1.48",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/saleor/saleor/releases/tag/3.1.48"
          },
          {
            "name": "https://github.com/saleor/saleor/releases/tag/3.10.14",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/saleor/saleor/releases/tag/3.10.14"
          },
          {
            "name": "https://github.com/saleor/saleor/releases/tag/3.11.12",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/saleor/saleor/releases/tag/3.11.12"
          },
          {
            "name": "https://github.com/saleor/saleor/releases/tag/3.7.59",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/saleor/saleor/releases/tag/3.7.59"
          },
          {
            "name": "https://github.com/saleor/saleor/releases/tag/3.8.30",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/saleor/saleor/releases/tag/3.8.30"
          },
          {
            "name": "https://github.com/saleor/saleor/releases/tag/3.9.27",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/saleor/saleor/releases/tag/3.9.27"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-26052",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-05T16:10:39.389638Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-05T16:10:59.226Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "saleor",
          "vendor": "saleor",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 2.0.0, \u003c 3.1.48"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.11.0, \u003c 3.11.12"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.10.0, \u003c 3.10.14"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.9.0, \u003c 3.9.27"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.8.0, \u003c 3.8.30"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.7.0, \u003c 3.7.59"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like infrastructure details in unauthenticated requests. This issue has been patched in versions 3.1.48, 3.7.59, 3.8.0, 3.9.27, 3.10.14 and 3.11.12. "
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-209",
              "description": "CWE-209: Generation of Error Message Containing Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-02T18:54:33.030Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/saleor/saleor/security/advisories/GHSA-3hvj-3cg9-v242",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/saleor/saleor/security/advisories/GHSA-3hvj-3cg9-v242"
        },
        {
          "name": "https://github.com/saleor/saleor/releases/tag/3.1.48",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/saleor/releases/tag/3.1.48"
        },
        {
          "name": "https://github.com/saleor/saleor/releases/tag/3.10.14",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/saleor/releases/tag/3.10.14"
        },
        {
          "name": "https://github.com/saleor/saleor/releases/tag/3.11.12",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/saleor/releases/tag/3.11.12"
        },
        {
          "name": "https://github.com/saleor/saleor/releases/tag/3.7.59",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/saleor/releases/tag/3.7.59"
        },
        {
          "name": "https://github.com/saleor/saleor/releases/tag/3.8.30",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/saleor/releases/tag/3.8.30"
        },
        {
          "name": "https://github.com/saleor/saleor/releases/tag/3.9.27",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/saleor/releases/tag/3.9.27"
        }
      ],
      "source": {
        "advisory": "GHSA-3hvj-3cg9-v242",
        "discovery": "UNKNOWN"
      },
      "title": "Saleor is vulnerable to unauthenticated information disclosure via Python exceptions"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-26052",
    "datePublished": "2023-03-02T18:54:33.030Z",
    "dateReserved": "2023-02-17T22:44:03.150Z",
    "dateUpdated": "2025-03-05T16:10:59.226Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-26051 (GCVE-0-2023-26051)

Vulnerability from cvelistv5 – Published: 2023-03-02 18:29 – Updated: 2025-03-05 20:41
Title
Saleor is vulnerable to staff-authenticated error message information disclosure via Python exceptions
Summary
Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and are therefore returned by the API as error messages. Some of these messages might contain sensitive information, such as user email addresses, in staff-authenticated requests.
CWE
  • CWE-209 - Generation of Error Message Containing Sensitive Information
Assigner
Impacted products
Vendor Product Version
saleor saleor Affected: >= 2.0.0, < 3.1.48
Affected: >= 3.11.0, < 3.11.12
Affected: >= 3.10.0, < 3.10.14
Affected: >= 3.9.0, < 3.9.27
Affected: >= 3.8.0, < 3.8.30
Affected: >= 3.7.0, < 3.7.59

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:39:06.601Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/saleor/saleor/security/advisories/GHSA-r8qr-wwg3-2r85",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/saleor/saleor/security/advisories/GHSA-r8qr-wwg3-2r85"
          },
          {
            "name": "https://github.com/saleor/saleor/commit/31bce881ccccf0d79a9b14ecb6ca3138d1edeec1",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/saleor/saleor/commit/31bce881ccccf0d79a9b14ecb6ca3138d1edeec1"
          },
          {
            "name": "https://github.com/saleor/saleor/releases/tag/3.1.48",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/saleor/saleor/releases/tag/3.1.48"
          },
          {
            "name": "https://github.com/saleor/saleor/releases/tag/3.10.14",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/saleor/saleor/releases/tag/3.10.14"
          },
          {
            "name": "https://github.com/saleor/saleor/releases/tag/3.11.12",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/saleor/saleor/releases/tag/3.11.12"
          },
          {
            "name": "https://github.com/saleor/saleor/releases/tag/3.7.59",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/saleor/saleor/releases/tag/3.7.59"
          },
          {
            "name": "https://github.com/saleor/saleor/releases/tag/3.8.30",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/saleor/saleor/releases/tag/3.8.30"
          },
          {
            "name": "https://github.com/saleor/saleor/releases/tag/3.9.27",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/saleor/saleor/releases/tag/3.9.27"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-26051",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-05T20:41:09.751361Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-05T20:41:26.937Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "saleor",
          "vendor": "saleor",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 2.0.0, \u003c 3.1.48"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.11.0, \u003c 3.11.12"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.10.0, \u003c 3.10.14"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.9.0, \u003c 3.9.27"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.8.0, \u003c 3.8.30"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.7.0, \u003c 3.7.59"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like user email address in staff-authenticated requests.\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-209",
              "description": "CWE-209: Generation of Error Message Containing Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-02T18:29:48.611Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/saleor/saleor/security/advisories/GHSA-r8qr-wwg3-2r85",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/saleor/saleor/security/advisories/GHSA-r8qr-wwg3-2r85"
        },
        {
          "name": "https://github.com/saleor/saleor/commit/31bce881ccccf0d79a9b14ecb6ca3138d1edeec1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/saleor/commit/31bce881ccccf0d79a9b14ecb6ca3138d1edeec1"
        },
        {
          "name": "https://github.com/saleor/saleor/releases/tag/3.1.48",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/saleor/releases/tag/3.1.48"
        },
        {
          "name": "https://github.com/saleor/saleor/releases/tag/3.10.14",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/saleor/releases/tag/3.10.14"
        },
        {
          "name": "https://github.com/saleor/saleor/releases/tag/3.11.12",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/saleor/releases/tag/3.11.12"
        },
        {
          "name": "https://github.com/saleor/saleor/releases/tag/3.7.59",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/saleor/releases/tag/3.7.59"
        },
        {
          "name": "https://github.com/saleor/saleor/releases/tag/3.8.30",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/saleor/releases/tag/3.8.30"
        },
        {
          "name": "https://github.com/saleor/saleor/releases/tag/3.9.27",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/saleor/releases/tag/3.9.27"
        }
      ],
      "source": {
        "advisory": "GHSA-r8qr-wwg3-2r85",
        "discovery": "UNKNOWN"
      },
      "title": "Saleor is vulnerable to staff-authenticated error message information disclosure vulnerability via Python exceptions"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-26051",
    "datePublished": "2023-03-02T18:29:48.611Z",
    "dateReserved": "2023-02-17T22:44:03.150Z",
    "dateUpdated": "2025-03-05T20:41:26.937Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-39275 (GCVE-0-2022-39275)

Vulnerability from cvelistv5 – Published: 2022-10-06 00:00 – Updated: 2025-04-23 16:52
Title
Improper object type validation in saleor
Summary
Saleor is a headless, GraphQL commerce platform. In affected versions some GraphQL mutations did not properly check the ID type input, which allowed access to database objects that the authenticated user may not be allowed to access. This vulnerability can be used to expose the following information: estimating database row counts from tables with a sequential primary key, or exposing staff user and customer email addresses and full names through the `assignNavigation()` mutation. This issue has been patched in main and backported to multiple releases (3.7.17, 3.6.18, 3.5.23, 3.4.24, 3.3.26, 3.2.14, 3.1.24). Users are advised to upgrade. There are no known workarounds for this issue.
CWE
  • CWE-863 - Incorrect Authorization
Assigner
Impacted products
Vendor Product Version
saleor saleor Affected: >= 2.0.0, < 3.1.24
Affected: >= 3.2.0, < 3.2.14
Affected: >= 3.3.0, < 3.3.26
Affected: >= 3.4.0, < 3.4.24
Affected: >= 3.5.0, < 3.5.23
Affected: >= 3.6.0, < 3.6.18
Affected: >= 3.7.0, < 3.7.17

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:00:43.521Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/saleor/saleor/security/advisories/GHSA-xhq8-8c5v-w8ff"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/saleor/saleor/commit/96e04c092ddcac17b14f2e31554aa02d9006d0ce"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-39275",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T15:50:19.505713Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T16:52:27.439Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "saleor",
          "vendor": "saleor",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 2.0.0, \u003c 3.1.24"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.2.0, \u003c 3.2.14"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.3.0, \u003c 3.3.26"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.4.0, \u003c 3.4.24"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.5.0, \u003c 3.5.23"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.6.0, \u003c 3.6.18"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.7.0, \u003c 3.7.17"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Saleor is a headless, GraphQL commerce platform. In affected versions some GraphQL mutations were not properly checking the ID type input which allowed to access database objects that the authenticated user may not be allowed to access. This vulnerability can be used to expose the following information: Estimating database row counts from tables with a sequential primary key or Exposing staff user and customer email addresses and full name through the `assignNavigation()` mutation. This issue has been patched in main and backported to multiple releases (3.7.17, 3.6.18, 3.5.23, 3.4.24, 3.3.26, 3.2.14, 3.1.24). Users are advised to upgrade. There are no known workarounds for this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863: Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-11T00:00:00.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "url": "https://github.com/saleor/saleor/security/advisories/GHSA-xhq8-8c5v-w8ff"
        },
        {
          "url": "https://github.com/saleor/saleor/commit/96e04c092ddcac17b14f2e31554aa02d9006d0ce"
        }
      ],
      "source": {
        "advisory": "GHSA-xhq8-8c5v-w8ff",
        "discovery": "UNKNOWN"
      },
      "title": "Improper object type validation in saleor"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-39275",
    "datePublished": "2022-10-06T00:00:00.000Z",
    "dateReserved": "2022-09-02T00:00:00.000Z",
    "dateUpdated": "2025-04-23T16:52:27.439Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-0932 (GCVE-0-2022-0932)

Vulnerability from cvelistv5 – Published: 2022-03-11 00:00 – Updated: 2024-08-02 23:47
Title
Missing Authorization in saleor/saleor
Summary
Missing Authorization in GitHub repository saleor/saleor prior to 3.1.2.
CWE
Assigner
Impacted products
Vendor Product Version
saleor saleor/saleor Affected: unspecified, < 3.1.2 (custom)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:47:42.813Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/88ae4cbc-c697-401b-8b04-7dc4e03ad8eb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/saleor/saleor/commit/521dfd6394f3926a77c60d8633c058e16d0f916d"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "saleor/saleor",
          "vendor": "saleor",
          "versions": [
            {
              "lessThan": "3.1.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Missing Authorization in GitHub repository saleor/saleor prior to 3.1.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862 Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-29T00:00:00",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "url": "https://huntr.dev/bounties/88ae4cbc-c697-401b-8b04-7dc4e03ad8eb"
        },
        {
          "url": "https://github.com/saleor/saleor/commit/521dfd6394f3926a77c60d8633c058e16d0f916d"
        }
      ],
      "source": {
        "advisory": "88ae4cbc-c697-401b-8b04-7dc4e03ad8eb",
        "discovery": "EXTERNAL"
      },
      "title": "Missing Authorization in saleor/saleor"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2022-0932",
    "datePublished": "2022-03-11T00:00:00",
    "dateReserved": "2022-03-11T00:00:00",
    "dateUpdated": "2024-08-02T23:47:42.813Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-1010304 (GCVE-0-2019-1010304)

Vulnerability from cvelistv5 – Published: 2019-07-15 14:45 – Updated: 2024-08-05 03:07
Summary
Saleor (issue introduced by merge commit e1b01bad0703afd08d297ed3f1f472248312cc9c, which was released as part of the 2.0.0 release) is affected by: Incorrect Access Control. The impact is: Important. The component is: the ProductVariant type in the GraphQL API. The attack vector is: an unauthenticated user can access the GraphQL API (which is by default publicly exposed under the `/graphql/` URL) and fetch product data, which may include admin-restricted shop revenue data. The fixed version is: 2.3.1.
Severity
No CVSS data available.
CWE
  • Incorrect Access Control
Assigner
dwf
References
Impacted products
Vendor Product Version
Saleor Saleor Affected: Issue was introduced by merge commit: e1b01bad0703afd08d297ed3f1f472248312cc9c. This commit was released as part of 2.0.0 release [fixed: 2.3.1]

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:07:18.378Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/mirumee/saleor/issues/3768"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Saleor",
          "vendor": "Saleor",
          "versions": [
            {
              "status": "affected",
              "version": "Issue was introduced by merge commit: e1b01bad0703afd08d297ed3f1f472248312cc9c. This commit was released as part of 2.0.0 release [fixed: 2.3.1]"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Saleor Issue was introduced by merge commit: e1b01bad0703afd08d297ed3f1f472248312cc9c. This commit was released as part of 2.0.0 release is affected by: Incorrect Access Control. The impact is: Important. The component is: ProductVariant type in GraphQL API. The attack vector is: Unauthenticated user can access the GraphQL API (which is by default publicly exposed under `/graphql/` URL) and fetch products data which may include admin-restricted shop\u0027s revenue data. The fixed version is: 2.3.1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Incorrect Access Control",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-15T14:45:39",
        "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
        "shortName": "dwf"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/mirumee/saleor/issues/3768"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve-assign@distributedweaknessfiling.org",
          "ID": "CVE-2019-1010304",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Saleor",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Issue was introduced by merge commit: e1b01bad0703afd08d297ed3f1f472248312cc9c. This commit was released as part of 2.0.0 release [fixed: 2.3.1]"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Saleor"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Saleor Issue was introduced by merge commit: e1b01bad0703afd08d297ed3f1f472248312cc9c. This commit was released as part of 2.0.0 release is affected by: Incorrect Access Control. The impact is: Important. The component is: ProductVariant type in GraphQL API. The attack vector is: Unauthenticated user can access the GraphQL API (which is by default publicly exposed under `/graphql/` URL) and fetch products data which may include admin-restricted shop\u0027s revenue data. The fixed version is: 2.3.1."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Incorrect Access Control"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/mirumee/saleor/issues/3768",
              "refsource": "MISC",
              "url": "https://github.com/mirumee/saleor/issues/3768"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
    "assignerShortName": "dwf",
    "cveId": "CVE-2019-1010304",
    "datePublished": "2019-07-15T14:45:39",
    "dateReserved": "2019-03-20T00:00:00",
    "dateUpdated": "2024-08-05T03:07:18.378Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}