Vulnerability Information
Vulnerability Title
Saleor has user enumeration vulnerability due to different error messages
Vulnerability Description
Saleor is an e-commerce platform. Starting in version 3.21.0 and prior to version 3.21.16, requesting certain fields in the response of `accountRegister` may result in errors that could unintentionally reveal whether a user with the provided email already exists in Saleor. Version 3.21.16 fixes the issue. As a workaround, rate-limit the mutation to reduce the impact.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
Information Exposure Through Response Discrepancy
Vulnerability Title
saleor security vulnerability
Vulnerability Description
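saleor is open-source interface software from Saleor Commerce. Saleor versions from 3.21.0 up to but not including 3.21.16 contain a security vulnerability that stems from improper error handling and may lead to disclosure of user information.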
CVSS Information
N/A
Vulnerability Type
N/A