Known vulnerabilities in the saleor package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
Affected versions of this package are vulnerable to Information Exposure due to the How to fix Information Exposure? A fix was pushed into the | [0,) |
Affected versions of this package are vulnerable to Information Exposure: some internal Python exceptions are not handled properly and are therefore returned by the API as error messages. Some messages might contain sensitive information, such as a user's email address, in staff-authenticated requests. How to fix Information Exposure? A fix was pushed into the | [0,) |
Affected versions of this package are vulnerable to Information Exposure: some internal Python exceptions are not handled properly and are therefore returned by the API as error messages. Some messages might contain sensitive information, such as infrastructure details, in unauthenticated requests. How to fix Information Exposure? A fix was pushed into the | [0,) |
Affected versions of this package are vulnerable to Improper Authorization because the ID type input is not properly checked, which allowed access to database objects that the authenticated user may not be allowed to access. Note: This vulnerability can be used to expose the following information: estimating database row counts from tables with a sequential primary key, or exposing staff user and customer email addresses and full name through the How to fix Improper Authorization? There is no fixed version for | [0,) |
Affected versions of this package are vulnerable to Incorrect Authorization due to missing permission checks. How to fix Incorrect Authorization? A fix was pushed into the | [0,) |