CVE-2023-26051

Name of the Vulnerable Software and Affected Versions Saleor versions prior to 3.1.48 Saleor versions prior to 3.7.59 Saleor versions prior to 3.8.30 Saleor versions prior to 3.9.27 Saleor versions prior to 3.10.14 Saleor versions prior to 3.11.12

Description The issue arises from internal Python exceptions not being handled properly, resulting in error messages being returned via the API. These messages may contain sensitive information, such as user email addresses, particularly in staff-authenticated requests.

Recommendations For versions prior to 3.1.48, update to version 3.1.48 or later. For versions prior to 3.7.59, update to version 3.7.59 or later. For versions prior to 3.8.30, update to version 3.8.30 or later. For versions prior to 3.9.27, update to version 3.9.27 or later. For versions prior to 3.10.14, update to version 3.10.14 or later. For versions prior to 3.11.12, update to version 3.11.12 or later.