PYSEC-2026-917

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/saleor/PYSEC-2026-917.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-917
Aliases
Published
2026-07-07T10:17:28.063673Z
Modified
2026-07-07T11:45:50.740878961Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
Saleor has Staff-Authenticated Error Message Information Disclosure Vulnerability via Python Exceptions
Details

Impact

Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like user email address in staff-authenticated requests.

This issue has been patched in versions 3.1.48, 3.7.59, 3.8.30, 3.9.27, 3.10.14 and 3.11.12.

Workarounds

None

For more information

If you have any questions or comments about this advisory: * Open a discussion at https://github.com/saleor/saleor/discussions * Email us at hello@saleor.io

References

Affected packages

PyPI / saleor

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.0.0
Fixed
3.1.48
Introduced
3.7.0
Fixed
3.7.59
Introduced
3.8.0
Fixed
3.8.30
Introduced
3.9.0
Fixed
3.9.27
Introduced
3.10.0
Fixed
3.10.14
Introduced
3.11.0
Fixed
3.11.12

Affected versions

2.*
2.10.1

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/saleor/PYSEC-2026-917.yaml"